CVE-2018-12900

high-risk
Published 2018-06-26

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

Do I need to act?

~
9.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Libtiff Canonical

References (16)

Exploit http://bugzilla.maptools.org/show_bug.cgi?id=2798
https://access.redhat.com/errata/RHSA-2019:2053
https://access.redhat.com/errata/RHSA-2019:3419
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900
https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
Third Party Advisory https://usn.ubuntu.com/3906-1/
https://usn.ubuntu.com/3906-2/
https://www.debian.org/security/2020/dsa-4670
Exploit http://bugzilla.maptools.org/show_bug.cgi?id=2798
https://access.redhat.com/errata/RHSA-2019:2053
https://access.redhat.com/errata/RHSA-2019:3419
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900
https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
Third Party Advisory https://usn.ubuntu.com/3906-1/
https://usn.ubuntu.com/3906-2/
https://www.debian.org/security/2020/dsa-4670
53
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 11/34 · Low
Exposure 12/34 · Low