CVE-2018-12900

HIGH8.8EPSS 9.9%

tiff - security update

發布日:2018/6/26修改日:2026/4/28

描述

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

受影響套件(3)

Alpine/tifffrom 0, < 4.0.10-r0
Debian/tifffrom 0, < 4.0.10-4
Debian/tifffrom 0, < 4.0.8-2+deb9u5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-12900
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-12900