libtiff.so is vulnerable to buffer overflow. When JBIG is enabled, the JBIGDecode function in tif_jbig.c ignores the buffer size when decoding JBIG objects with arbitrary size, which can lead to an out-of-bounds write.

CPENameOperatorVersion
libtiff.sole5.7.0
libtiffle4.0.6.2

CPE	Name	Operator	Version
	libtiff.so	le	5.7.0
	libtiff	le	4.0.6.2

References

access.redhat.com/errata/RHSA-2019:2053

github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557

gitlab.com/libtiff/libtiff/commit/183102bc2610eb589f808b889e043fef7734d128

gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66

gitlab.com/libtiff/libtiff/merge_requests/38

lists.debian.org/debian-lts-announce/2018/10/msg00019.html

security.gentoo.org/glsa/201904-15

usn.ubuntu.com/3864-1/

usn.ubuntu.com/3906-2/

www.debian.org/security/2018/dsa-4349

www.exploit-db.com/exploits/45694/

cve 1

osv 3

gentoo 1

debiancve 1

alpinelinux 1

f5 1

nvd 1

cvelist 1

checkpoint_advisories 1

nessus 31

ubuntucve 1

packetstorm 1

prion 1

redhatcve 1

zdt 1

openvas 18

suse 2

mageia 1

debian 2

archlinux 2

fedora 3

photon 2

cloudfoundry 1

ubuntu 2

redhat 1

centos 1

oraclelinux 1

amazon 2

ibm 1

cve

CVE-2018-18557

2018-10-22 16:29:00

osv

CVE-2018-18557

2018-10-22 16:29:00

tiff - security update

2018-10-28 00:00:00

tiff - security update

2018-11-30 00:00:00

gentoo

libTIFF: Denial of service

2019-04-15 00:00:00

debiancve

CVE-2018-18557

2018-10-22 16:29:00

alpinelinux

CVE-2018-18557

2018-10-22 16:29:00

K70117303 : LibTIFF vulnerability CVE-2018-18557

2020-12-07 00:00:00

nvd

CVE-2018-18557

2018-10-22 16:29:00

cvelist

CVE-2018-18557

2018-10-22 16:00:00

checkpoint_advisories

LibTIFF Heap Buffer Overflow (CVE-2018-18557)

2019-02-14 00:00:00

nessus

F5 Networks BIG-IP : LibTIFF vulnerability (K70117303)

2023-11-02 00:00:00

GLSA-201904-15 : libTIFF: Denial of service

2019-04-16 00:00:00

Fedora 28 : libtiff (2018-67a6bf4ac1)

2019-01-03 00:00:00

ubuntucve

CVE-2018-18557

2018-10-22 00:00:00

packetstorm

Libtiff Decodes Arbitrarilly-Sozed JBIG Into A Target Buffer

2018-10-26 00:00:00

prion

Out-of-bounds

2018-10-22 16:29:00

redhatcve

CVE-2018-18557

2018-10-30 09:58:56

zdt

libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer Exploit

2018-10-25 00:00:00

openvas

openSUSE: Security Advisory for tiff (openSUSE-SU-2018:3948-1)

2018-12-04 00:00:00

Mageia: Security Advisory (MGASA-2018-0493)

2022-01-28 00:00:00

SUSE: Security Advisory (SUSE-SU-2018:3911-2)

2021-04-19 00:00:00

suse

Security update for tiff (moderate)

2018-11-30 00:10:39

Security update for tiff (moderate)

2018-11-30 00:09:39

mageia

Updated libtiff packages fix security vulnerabilities

2018-12-30 02:24:32

debian

[SECURITY] [DLA 1557-1] tiff security update

2018-10-28 13:17:29

[SECURITY] [DSA 4349-1] tiff security update

2018-11-30 22:41:54

archlinux

[ASA-201811-17] libtiff: multiple issues

2018-11-20 00:00:00

[ASA-201811-18] lib32-libtiff: multiple issues

2018-11-20 00:00:00

fedora

[SECURITY] Fedora 29 Update: libtiff-4.0.10-1.fc29

2018-11-24 02:29:50

[SECURITY] Fedora 28 Update: libtiff-4.0.10-1.fc28

2018-11-24 01:56:56

[SECURITY] Fedora 27 Update: libtiff-4.0.10-1.fc27

2018-11-24 03:21:12

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0118

2019-01-07 00:00:00

Important Photon OS Security Update - PHSA-2019-0118

2019-01-07 00:00:00

cloudfoundry

USN-3864-1: LibTIFF vulnerabilities | Cloud Foundry

2019-01-24 00:00:00

ubuntu

LibTIFF vulnerabilities

2019-01-22 00:00:00

LibTIFF vulnerabilities

2019-03-18 00:00:00

redhat

(RHSA-2019:2053) Moderate: libtiff security update

2019-08-06 07:56:00

centos

libtiff security update

2019-08-30 03:31:24

oraclelinux

libtiff security update

2019-08-13 00:00:00

amazon

Medium: libtiff

2019-10-21 18:01:00

Medium: libtiff

2019-10-08 21:06:00

ibm

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-v

2019-04-18 16:40:01

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.283 Low

EPSS

Percentile

96.9%

JSON

Related for VERACODE:7632