Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-15209

Опубликовано: 08 авг. 2018
Источник: debian
EPSS Низкий

Описание

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tifffixed4.0.9-5package
tiffnot-affectedjessiepackage
tiff3removedpackage

Примечания

  • http://bugzilla.maptools.org/show_bug.cgi?id=2808

  • Different issue than CVE-2017-11613 but adressed with same set of commits.

  • Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8

  • Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be

EPSS

Процентиль: 71%
0.00685
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-15209

CVSS3: 8.8
ubuntu
почти 7 лет назад

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

redhat логотип

CVE-2018-15209

CVSS3: 5.3
redhat
почти 7 лет назад

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

nvd логотип

CVE-2018-15209

CVSS3: 8.8
nvd
почти 7 лет назад

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

github логотип

GHSA-hpvx-h4gg-hpc4

CVSS3: 8.8
github
около 3 лет назад

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

rocky логотип

RLSA-2024:5079

rocky
10 месяцев назад

Moderate: libtiff security update

EPSS

Процентиль: 71%
0.00685
Низкий