LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability

Bugtraq ID:	104089
Class:	Boundary Condition Error
CVE:	CVE-2018-10779
Remote:	Yes
Local:	No
Published:	May 07 2018 12:00AM
Updated:	May 07 2018 12:00AM
Credit:	NESA Lab(nesa.zju.edu.cn)
Vulnerable:	LibTIFF LibTIFF 3.8.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1
Not Vulnerable:

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability

LibTIFF is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue to obtain sensitive information or cause a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed.

LibTIFF 3.8.2 is vulnerable; other versions may also be affected.

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability

References:

• LibTIFF Homepage (LibTIFF)
  
• Bug 2788 - Heap Buffer Overflow in TIFFWriteScanline of tif_write.c (maptools.org)