8.8

CVE-2018-17101

An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
LibtiffLibtiff Version4.0.9
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.16% 0.863
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2019:2053
https://www.debian.org/security/2018/dsa-4349
Third Party Advisory
https://usn.ubuntu.com/3864-1/
Third Party Advisory
https://usn.ubuntu.com/3906-2/
https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html
Third Party Advisory
Mailing List
http://bugzilla.maptools.org/show_bug.cgi?id=2807
Patch
Third Party Advisory
Issue Tracking
http://www.securityfocus.com/bid/105370
Third Party Advisory
VDB Entry
https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577
Patch
Third Party Advisory