#VU12422 Heap-based buffer over-read in LibTIFF


Published: 2018-05-07 | Updated: 2022-05-21

Vulnerability identifier: #VU12422

Vulnerability risk: Low

CVSSv3.1: 2.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:U]

CVE-ID: CVE-2018-10779

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
LibTIFF
Universal components / Libraries / Libraries used by multiple products

Vendor: LibTIFF

Description
The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the TIFFWriteScanline function in the tif_write.csource code file due to insufficient validation of user-supplied input. A local attacker can use the .bmp2tiff command to execute a specially crafted file, trigger heap-based buffer over-read and cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

LibTIFF: 3.8.2

External links
http://bugzilla.maptools.org/show_bug.cgi?id=2788

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)
Amazon Linux AMI update for libtiff
Red Hat update for libtiff
Arch Linux update for lib32-libtiff
Slackware Linux update for libtiff
Heap-based buffer over-read in tiff (Alpine package)
OpenSUSE Linux update for tiff
Denial of service in LibTIFF