CVE-2018-12900
Description
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
10.33
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.6-1ubuntu0.6_i386.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.6-1ubuntu0.6_amd64.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.9-5ubuntu0.2_i386.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.9-5ubuntu0.2_amd64.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.9-6ubuntu0.2_i386.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.9-6ubuntu0.2_amd64.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.3-7ubuntu0.11_i386.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.3-7ubuntu0.11_amd64.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.6-1ubuntu0.6_i386.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.6-1ubuntu0.6_amd64.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.9-5ubuntu0.2_i386.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.9-5ubuntu0.2_amd64.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.9-6ubuntu0.2_i386.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.9-6ubuntu0.2_amd64.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.3-7ubuntu0.11_i386.deb | Linux |
| Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.3-7ubuntu0.11_amd64.deb | Linux |
| SUSE-SU-2018:3911-1(SUSE Linux Enterprise Desktop 12-SP3 ) libtiff5-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-1(SUSE Linux Enterprise Desktop 12-SP3 ) libtiff5-32bit-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-1(SUSE Linux Enterprise Desktop 12-SP3 ) libtiff5-debuginfo-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-1(SUSE Linux Enterprise Desktop 12-SP3 ) libtiff5-debuginfo-32bit-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-1(SUSE Linux Enterprise Desktop 12-SP3 ) tiff-debuginfo-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-1(SUSE Linux Enterprise Desktop 12-SP3 ) tiff-debugsource-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-1(SUSE Linux Enterprise Server 12-SP3 ) tiff-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-2(SUSE Linux Enterprise Desktop 12-SP4 ) libtiff5-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-2(SUSE Linux Enterprise Desktop 12-SP4 ) libtiff5-32bit-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-2(SUSE Linux Enterprise Desktop 12-SP4 ) libtiff5-debuginfo-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-2(SUSE Linux Enterprise Desktop 12-SP4 ) libtiff5-debuginfo-32bit-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-2(SUSE Linux Enterprise Desktop 12-SP4 ) tiff-debuginfo-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-2(SUSE Linux Enterprise Desktop 12-SP4 ) tiff-debugsource-4.0.9-44.27.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3911-2(SUSE Linux Enterprise Server 12-SP4 ) tiff-4.0.9-44.27.1.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-tools-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-tools-4.0.3-32.el7.x86_64.rpm | Linux |
| Libtiff update (ELSA-2019-2053) libtiff-4.0.3-32.el7.i686.rpm | Linux |
| Libtiff update (ELSA-2019-2053) libtiff-4.0.3-32.el7.x86_64.rpm | Linux |
| Libtiff-devel update (ELSA-2019-2053) libtiff-devel-4.0.3-32.el7.i686.rpm | Linux |
| Libtiff-devel update (ELSA-2019-2053) libtiff-devel-4.0.3-32.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234