← back
CVE-2018-12900

CVE-2018-12900

EPSS 25.2%
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugzilla.maptools.org/show_bug.cgi?id=2798https://access.redhat.com/errata/RHSA-2019:2053https://access.redhat.com/errata/RHSA-2019:3419https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900https://lists.debian.org/debian-lts-announce/2019/11/msg00027.htmlhttps://usn.ubuntu.com/3906-1/https://usn.ubuntu.com/3906-2/https://www.debian.org/security/2020/dsa-4670