Home

CVE-2018-17101

Description

An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.525

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3Windows
Tag Image File Format (TIFF) library (USN-3864-1) libtiff5_4.0.6-1ubuntu0.5_i386.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff5_4.0.6-1ubuntu0.5_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff5_4.0.9-5ubuntu0.1_i386.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff5_4.0.9-5ubuntu0.1_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff5_4.0.9-6ubuntu0.1_i386.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff5_4.0.9-6ubuntu0.1_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff5_4.0.3-7ubuntu0.10_i386.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff5_4.0.3-7ubuntu0.10_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff-tools_4.0.6-1ubuntu0.5_i386.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff-tools_4.0.6-1ubuntu0.5_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff-tools_4.0.9-5ubuntu0.1_i386.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff-tools_4.0.9-5ubuntu0.1_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff-tools_4.0.9-6ubuntu0.1_i386.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff-tools_4.0.9-6ubuntu0.1_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff-tools_4.0.3-7ubuntu0.10_i386.debLinux
Tag Image File Format (TIFF) library (USN-3864-1) libtiff-tools_4.0.3-7ubuntu0.10_amd64.debLinux
(RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.i686.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.x86_64.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.i686.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.x86_64.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.i686.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.x86_64.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-tools-4.0.3-32.el7.x86_64.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.i686.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.x86_64.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.i686.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.x86_64.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.i686.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.x86_64.rpmLinux
(RHSA-2019:2053) libtiff security update libtiff-tools-4.0.3-32.el7.x86_64.rpmLinux
Libtiff update (ELSA-2019-2053) libtiff-4.0.3-32.el7.i686.rpmLinux
Libtiff update (ELSA-2019-2053) libtiff-4.0.3-32.el7.x86_64.rpmLinux
Libtiff-devel update (ELSA-2019-2053) libtiff-devel-4.0.3-32.el7.i686.rpmLinux
Libtiff-devel update (ELSA-2019-2053) libtiff-devel-4.0.3-32.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234