CVE-2018-8905

Published: Mar 22, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://bugzilla.maptools.org/show_bug.cgi?id=2780

x_refsource_MISC

[debian-lts-announce] 20180514 [SECURITY] [DLA 1378-1] tiff3 security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20180514 [SECURITY] [DLA 1377-1] tiff security update

mailing-list

x_refsource_MLIST

https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow

x_refsource_MISC

USN-3864-1

vendor-advisory

x_refsource_UBUNTU

DSA-4349

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update

mailing-list

x_refsource_MLIST

https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d

x_refsource_CONFIRM

RHSA-2019:2053

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-8905

Description

Affected Products

References