libtiff.so is vulnerable to buffer overflow. When JBIG
is enabled, the JBIGDecode
function in tif_jbig.c
ignores the buffer size when decoding JBIG
objects with arbitrary size, which can lead to an out-of-bounds write.
CPE | Name | Operator | Version |
---|---|---|---|
libtiff.so | le | 5.7.0 | |
libtiff | le | 4.0.6.2 |
access.redhat.com/errata/RHSA-2019:2053
github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557
gitlab.com/libtiff/libtiff/commit/183102bc2610eb589f808b889e043fef7734d128
gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66
gitlab.com/libtiff/libtiff/merge_requests/38
lists.debian.org/debian-lts-announce/2018/10/msg00019.html
security.gentoo.org/glsa/201904-15
usn.ubuntu.com/3864-1/
usn.ubuntu.com/3906-2/
www.debian.org/security/2018/dsa-4349
www.exploit-db.com/exploits/45694/