Heap-based buffer overflow in tiff (Alpine package)



Published: 2018-05-14
Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2018-8905
CWE-ID: CWE-122
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
tiff (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Heap-based buffer overflow

EUVDB-ID: #VU11263

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:U]

CVE-ID: CVE-2018-8905

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists in the LZWDecodeCompat function due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted TIFF file to crash the service or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

tiff (Alpine package): 4.0.1-r0 - 4.0.9-r3
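
To check a host or image inventory against the range above, the following added example (not part of the bulletin or of Alpine's tooling) tests a package version string against the listed bounds. The function names are hypothetical, and the comparison is a simplified one that assumes numeric dotted versions with an optional -rN release suffix.

```shell
#!/bin/sh
# Range copied from the bulletin's "Vulnerable software versions" line.
VULN_MIN="4.0.1-r0"
VULN_MAX="4.0.9-r3"

# Accept only numeric dotted versions with an optional -rN release suffix.
valid_ver() {
    pv=${1%-r*}; pr=${1##*-r}
    [ "$pr" = "$1" ] && pr=0
    case $pv in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $pr in ''|*[!0-9]*) return 1 ;; esac
}

# Print -1, 0 or 1 when $1 is older than, equal to or newer than $2.
# Simplified comparison (missing fields count as 0), not apk's full algorithm.
ver_cmp() {
    a=${1%-r*}; b=${2%-r*}; ar=0; br=0
    case $1 in *-r*) ar=${1##*-r} ;; esac
    case $2 in *-r*) br=${2##*-r} ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        af=${a%%.*}; bf=${b%%.*}
        [ "${af:-0}" -lt "${bf:-0}" ] && { echo "-1"; return; }
        [ "${af:-0}" -gt "${bf:-0}" ] && { echo 1; return; }
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    [ "$ar" -lt "$br" ] && { echo "-1"; return; }
    [ "$ar" -gt "$br" ] && { echo 1; return; }
    echo 0
}

# Exit status: 0 = inside the listed range, 1 = outside, 2 = unparseable.
tiff_is_vulnerable() {
    valid_ver "$1" || return 2
    [ "$(ver_cmp "$1" "$VULN_MIN")" -ge 0 ] &&
        [ "$(ver_cmp "$1" "$VULN_MAX")" -le 0 ]
}

# Constructed sample versions; on a host, pass the installed tiff version.
for sample in 4.0.0-r2 4.0.1-r0 4.0.9-r3 4.0.9-r4; do
    if tiff_is_vulnerable "$sample"; then
        echo "tiff $sample: inside the listed vulnerable range"
    else
        echo "tiff $sample: outside the listed range"
    fi
done
```

Version strings the script cannot parse return status 2 rather than being treated as safe, so they can be reviewed by hand.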

External links

http://git.alpinelinux.org/aports/commit/?id=c1c8c5a78a149b9954517df485d61e66a73a93a4
http://git.alpinelinux.org/aports/commit/?id=78ce279c75c408856851a5d65aa3c6cad2eb3304
http://git.alpinelinux.org/aports/commit/?id=942d54f276770d9b694bd1d2720587b4fd09b789
http://git.alpinelinux.org/aports/commit/?id=b5048f60578944dd85221fa9d5e279872d2315b9
http://git.alpinelinux.org/aports/commit/?id=d9df36a6ec1d80263dd65a582b3b4b207b92ecd3
http://git.alpinelinux.org/aports/commit/?id=e6a6453651a9c3c80af79c2193ce5ba2d9204c4c


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


