Home

CVE-2018-15209

Description

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.628

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3Windows
(RHSA-2024:5079)Moderate: security update libtiff-tools-debuginfo-4.0.9-32.el8_10.x86_64.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-tools-debuginfo-4.0.9-32.el8_10.i686.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-devel-4.0.9-32.el8_10.x86_64.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-devel-4.0.9-32.el8_10.i686.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-debugsource-4.0.9-32.el8_10.x86_64.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-debugsource-4.0.9-32.el8_10.i686.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-debuginfo-4.0.9-32.el8_10.x86_64.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-debuginfo-4.0.9-32.el8_10.i686.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-4.0.9-32.el8_10.x86_64.rpmLinux
(RHSA-2024:5079)Moderate: security update libtiff-4.0.9-32.el8_10.i686.rpmLinux
Libtiff-devel update (ELSA-2024-5079) libtiff-devel-4.0.9-32.el8_10.x86_64.rpmLinux
Libtiff-devel update (ELSA-2024-5079) libtiff-devel-4.0.9-32.el8_10.i686.rpmLinux
Libtiff update (ELSA-2024-5079) libtiff-4.0.9-32.el8_10.x86_64.rpmLinux
Libtiff update (ELSA-2024-5079) libtiff-4.0.9-32.el8_10.i686.rpmLinux
libtiff security update (RLSA-2024:5079) libtiff-4.0.9-32.el8_10.i686.rpmLinux
libtiff security update (RLSA-2024:5079) libtiff-4.0.9-32.el8_10.x86_64.rpmLinux
libtiff security update (RLSA-2024:5079) libtiff-devel-4.0.9-32.el8_10.i686.rpmLinux
libtiff security update (RLSA-2024:5079) libtiff-devel-4.0.9-32.el8_10.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234