QwikSec

Security Database

CVE

CWE

Training

CVE-2019-7663

Published: Feb 9, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://bugzilla.maptools.org/show_bug.cgi?id=2833

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:1161

vendor-advisory

x_refsource_SUSE

https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.