CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.3 | $0-$5k | 0.00 |
A vulnerability was found in LibTIFF 4.0.9 (Image Processing Software). It has been classified as critical. Affected is the function TIFFFindField
of the file tif_dirinfo.c. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in tif_dirinfo.c, the structure tif is being dereferenced without first checking that the structure is not empty and has the requested fields (tif_foundfield). In the call sequences following from the affected library functions (TIFFVGetField, TIFFVGetFieldDefaulted, TIFFVStripSize, TIFFScanlineSize, TIFFTileSize, TIFFGetFieldDefaulted, and TIFFGetField), this sanitization of the tif structure is never being done and, hence, using them with an invalid or empty tif structure will trigger a buffer overflow, leading to a crash.
The bug was discovered 07/18/2018. The weakness was published 07/17/2018 (Website). The advisory is shared for download at bugzilla.maptools.org. This vulnerability is traded as CVE-2018-14373 since 07/17/2018. There are known technical details, but no exploit is available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Similar entries are available at 121561, 121562 and 121563.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.3
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
ATT&CK: Unknown
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
Timeline
07/16/2018 🔍07/17/2018 🔍
07/17/2018 🔍
07/17/2018 🔍
07/18/2018 🔍
07/18/2018 🔍
03/05/2020 🔍
Sources
Product: libtiff.orgAdvisory: bugzilla.maptools.org
Status: Not defined
CVE: CVE-2018-14373 (🔍)
SecurityFocus: 104912 - LibTIFF Multiple Buffer Overflow Vulnerabilities
See also: 🔍
Entry
Created: 07/18/2018 08:48Updated: 03/05/2020 19:29
Changes: 07/18/2018 08:48 (44), 03/05/2020 19:29 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.