LibTIFF CVE-2018-5784 Denial of Service Vulnerability
BID:106270
Info
| Bugtraq ID: | 106270 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2018-5784 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 18 2018 12:00AM |
| Updated: | Jan 18 2018 12:00AM |
| Credit: | Wei You |
| Vulnerable: | Redhat Enterprise Linux 7; Redhat Enterprise Linux 6; Redhat Enterprise Linux 5; Oracle Solaris 11.4; LibTIFF LibTIFF 4.0.9 |
| Not Vulnerable: | Oracle Solaris 11.4 SRU 2 |
Discussion
LibTIFF is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
LibTIFF 4.0.9 is vulnerable; other versions may also be vulnerable.
Exploit / POC
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Bug 2772 - Uncontrolled resource consumption in TIFFSetDirectory (src/libtiff/t (LibTIFF)
- Bug 1537740 (CVE-2018-5784) - CVE-2018-5784 libtiff: uncontrolled resource consu (Red Hat Bugzilla)
- CVE-2018-5784 (Red Hat Bugzilla)
- LibTIFF Homepage (LibTIFF)
- Fix for bug 2772 (LibTIFF)
- Oracle Solaris Third Party Bulletin - October 2018 (Oracle)