Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-7663

Опубликовано: 18 дек. 2018
Источник: redhat
CVSS3: 0
EPSS Низкий

Описание

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

Отчет

This report appears to be a duplicate of CVE-2018-17000. While the crash manifests differently, both vulnerabilities are fixed by the same upstream commit.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libtiffNot affected
Red Hat Enterprise Linux 6libtiffNot affected
Red Hat Enterprise Linux 7libtiffNot affected
Red Hat Enterprise Linux 8libtiffNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:
CWE-190->CWE-822
https://bugzilla.redhat.com/show_bug.cgi?id=1677528libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference

EPSS

Процентиль: 82%
0.01762
Низкий

0 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-7663

CVSS3: 6.5
ubuntu
больше 6 лет назад

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

nvd логотип

CVE-2019-7663

CVSS3: 6.5
nvd
больше 6 лет назад

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

debian логотип

CVE-2019-7663

CVSS3: 6.5
debian
больше 6 лет назад

An Invalid Address dereference was discovered in TIFFWriteDirectoryTag ...

github логотип

GHSA-26x4-fg42-26fj

CVSS3: 6.5
github
больше 3 лет назад

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

fstec логотип

BDU:2020-03281

fstec
больше 6 лет назад

Уязвимость функции TIFFWriteDirectoryTagTransferfunction программного обеспечения для просмотра, редактирования и конвертирования TIFF-файлов, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 82%
0.01762
Низкий

0 Low

CVSS3