CVE-2018-18557

Published: Oct 22, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

Affected (7)

Products: Libtiff: Libtiff · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Version 4.0.9

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (20)

https://access.redhat.com/errata/RHSA-2019:2053

Source: cve@mitre.org

https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557

Source: cve@mitre.org

https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66

Source: cve@mitre.org

https://gitlab.com/libtiff/libtiff/merge_requests/38

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201904-15

Source: cve@mitre.org

https://usn.ubuntu.com/3864-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3906-2/

Source: cve@mitre.org

https://www.debian.org/security/2018/dsa-4349

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/45694/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:2053

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.com/libtiff/libtiff/merge_requests/38

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201904-15

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3864-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3906-2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2018/dsa-4349

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/45694/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.