Project

General

Profile

Bug #9714

tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)

Added by Alicha CH 6 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
11/29/2018
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:
CVE-2018-12900, CVE-2018-18557, CVE-2018-18661

Description

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

References:

http://bugzilla.maptools.org/show_bug.cgi?id=2798
https://nvd.nist.gov/vuln/detail/CVE-2018-12900

CVE-2018-18557: Out-of-bounds write in tif_jbig.c

LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer,
ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

References:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
https://nvd.nist.gov/vuln/detail/CVE-2018-18557

CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function
LZWDecode in the file tif_lzw.c.

References:

http://bugzilla.maptools.org/show_bug.cgi?id=2819
https://nvd.nist.gov/vuln/detail/CVE-2018-18661

Patch:

https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f


Subtasks

Bug #9715: [3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)Closed

Bug #9716: [3.8] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)Closed

Bug #9717: [3.7] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)Closed

Bug #9718: [3.6] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)Closed

History

#2 Updated by Alicha CH 6 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF