CVE-2018-10779

Published: 07 May 2018
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.

An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_write.c. An attacker may use this vulnerability to corrupt memory or cause Denial of Service.

Statement

This vulnerability is rated as low severity because it causes a denial of service due to a heap-based buffer over-read: it may crash the application, but it does not pose a significant risk to system security.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 6 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 8 | libtiff | Will not fix | | |
| Red Hat Enterprise Linux 7 | libtiff | Fixed | RHSA-2019:2053 | 06.08.2019 |

Additional information

Status: Low
Defect: CWE-190->CWE-122
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1577311 (libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c)

EPSS: 0.003 (Low), percentile: 53%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 8 years ago

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.

CVSS3: 6.5
nvd
almost 8 years ago

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.

CVSS3: 6.5
debian
almost 8 years ago

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buf ...

CVSS3: 6.5
github
more than 3 years ago

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.

CVSS3: 6.5
fstec
almost 8 years ago

Vulnerability in the TIFFWriteScanline function of the LibTIFF library that allows an attacker to cause a denial of service
