exploitDog

CVE-2018-15209

Published: 07 Aug 2018
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

Report

Red Hat has determined that this vulnerability has a moderate severity due to a series of factors. Firstly, the attack vector necessary to successfully exploit this flaw is local, given that the attacker must rely on user interaction (by tricking or fooling them into opening a maliciously-crafted TIFF file). Secondly, the CIA impact of this vulnerability should be assumed to be Low for all three vectors, due to the fact that a successful crash would only impact the LibTIFF application itself, the application does not inherently have access to nor handle sensitive or confidential information, and since it causes a DoS due to heap-based buffer overflow there is little indication that this will modify or alter data. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libtiff | Not affected | | |
| Red Hat Enterprise Linux 6 | libtiff | Not affected | | |
| Red Hat Enterprise Linux 7 | compat-libtiff3 | Not affected | | |
| Red Hat Enterprise Linux 7 | libtiff | Not affected | | |
| Red Hat Enterprise Linux 8 | libtiff | Fixed | RHSA-2024:5079 | 07.08.2024 |

Additional information

Status: Moderate
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1614051 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c

EPSS: 0.00604 (Low), percentile: 69%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 7 years ago

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

CVSS3: 8.8
nvd
about 7 years ago

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

CVSS3: 8.8
debian
about 7 years ago

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows ...

CVSS3: 8.8
github
more than 3 years ago

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

rocky
12 months ago

Moderate: libtiff security update
