CVE-2019-7663

Published: Feb 9, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

Affected (8)

Products: Libtiff: Libtiff · Debian: Debian Linux · Canonical: Ubuntu Linux · +1 more

Show all products

Libtiff: Libtiff · Debian: Debian Linux · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Version 4.0.10

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0

References (16)

http://bugzilla.maptools.org/show_bug.cgi?id=2833

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202003-25

Source: cve@mitre.org

https://usn.ubuntu.com/3906-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3906-2/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2020/dsa-4670

Source: cve@mitre.org

http://bugzilla.maptools.org/show_bug.cgi?id=2833

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202003-25

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3906-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3906-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2020/dsa-4670

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.