8.8

CVE-2018-12900

Exploit
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version4.0.9
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 25.18% 0.977
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2019:2053
https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
https://usn.ubuntu.com/3906-1/
Third Party Advisory
https://usn.ubuntu.com/3906-2/
http://bugzilla.maptools.org/show_bug.cgi?id=2798
Third Party Advisory
Exploit
Issue Tracking
https://access.redhat.com/errata/RHSA-2019:3419
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900
https://www.debian.org/security/2020/dsa-4670