ID CVE-2018-18557
Summary LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
References
Vulnerable Configurations
  • cpe:2.3:a:libtiff:libtiff:4.0.9
    cpe:2.3:a:libtiff:libtiff:4.0.9
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-787
CAPEC
exploit-db via4
file exploits/linux/dos/45694.c
id EDB-ID:45694
last seen 2018-11-30
modified 2018-10-25
platform linux
port
published 2018-10-25
reporter Exploit-DB
source https://www.exploit-db.com/download/45694
title libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
type dos
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-BD18C784DE.NASL
    description New release with a lot of security fixes: http://www.simplesystems.org/libtiff/v4.0.10.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120748
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120748
    title Fedora 29 : libtiff (2018-bd18c784de)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1479.NASL
    description This update for tiff fixes the following issues : Security issues fixed : - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed : - asan_build: build ASAN included - debug_build: build more suitable for debugging This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 119297
    published 2018-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119297
    title openSUSE Security Update : tiff (openSUSE-2018-1479)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1480.NASL
    description This update for tiff fixes the following issues : Security issues fixed : - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed : - asan_build: build ASAN included - debug_build: build more suitable for debugging This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 119298
    published 2018-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119298
    title openSUSE Security Update : tiff (openSUSE-2018-1480)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3911-1.NASL
    description This update for tiff fixes the following issues : Security issues fixed : CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: asan_build: build ASAN included debug_build: build more suitable for debugging Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119214
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119214
    title SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:3911-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3911-2.NASL
    description This update for tiff fixes the following issues : Security issues fixed : CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: asan_build: build ASAN included debug_build: build more suitable for debugging Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119555
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119555
    title SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:3911-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3925-1.NASL
    description This update for tiff fixes the following issues : Security issues fixed : CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: asan_build: build ASAN included debug_build: build more suitable for debugging Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120170
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120170
    title SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2018:3925-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1557.NASL
    description CVE-2018-17100 An int32 overflow can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file CVE-2018-17101 Out-of-bounds writes can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file CVE-2018-18557 Out-of-bounds write due to ignoring buffer size can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file For Debian 8 'Jessie', these problems have been fixed in version 4.0.3-12.3+deb8u7. We recommend that you upgrade your tiff packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-05
    plugin id 118470
    published 2018-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118470
    title Debian DLA-1557-1 : tiff security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-67A6BF4AC1.NASL
    description New release with a lot of security fixes: http://www.simplesystems.org/libtiff/v4.0.10.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120487
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120487
    title Fedora 28 : libtiff (2018-67a6bf4ac1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-399BCE9F8F.NASL
    description New release with a lot of security fixes: http://www.simplesystems.org/libtiff/v4.0.10.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119126
    published 2018-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119126
    title Fedora 27 : libtiff (2018-399bce9f8f)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2019-2_0-0118_LIBTIFF.NASL
    description An update of the libtiff package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 122024
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122024
    title Photon OS 2.0: Libtiff PHSA-2019-2.0-0118
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4349.NASL
    description Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 119314
    published 2018-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119314
    title Debian DSA-4349-1 : tiff - security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3864-1.NASL
    description It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-23
    plugin id 121329
    published 2019-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121329
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : tiff vulnerabilities (USN-3864-1)
packetstorm via4
data source https://packetstormsecurity.com/files/download/149974/GS20181026152843.txt
id PACKETSTORM:149974
last seen 2018-10-26
published 2018-10-26
reporter Thomas Dullien
source https://packetstormsecurity.com/files/149974/Libtiff-Decodes-Arbitrarilly-Sozed-JBIG-Into-A-Target-Buffer.html
title Libtiff Decodes Arbitrarilly-Sozed JBIG Into A Target Buffer
refmap via4
debian DSA-4349
exploit-db 45694
gentoo GLSA-201904-15
misc https://gitlab.com/libtiff/libtiff/merge_requests/38
mlist [debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update
ubuntu
  • USN-3864-1
  • USN-3906-2
Last major update 22-10-2018 - 12:29
Published 22-10-2018 - 12:29
Last modified 15-04-2019 - 19:29