CVE-2018-12900 : Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

Published 2018-06-26 22:29:00

Updated 2021-03-05 19:15:14

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Products affected by CVE-2018-12900

Libtiff » Libtiff » Version: 4.0.9
cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-12900

EPSS FAQ

11.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-12900

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-12900

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-12900

https://access.redhat.com/errata/RHSA-2019:3419

RHSA-2019:3419 - Security Advisory - Red Hat Customer Portal
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900

Pocs_for_Multi_Versions/CVE-2018-12900 at main · Hack-Me/Pocs_for_Multi_Versions · GitHub
https://usn.ubuntu.com/3906-2/

USN-3906-2: LibTIFF vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html

[SECURITY] [DLA 2009-1] tiff security update

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:2053

RHSA-2019:2053 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://usn.ubuntu.com/3906-1/

USN-3906-1: LibTIFF vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://bugzilla.maptools.org/show_bug.cgi?id=2798

Bug 2798 – two heap-based buffer overflow bugs in tiffcp.c of LibTIFF 4.0.9 (CVE-2018-12900)
Exploit;Issue Tracking;Third Party Advisory
https://www.debian.org/security/2020/dsa-4670

Debian -- Security Information -- DSA-4670-1 tiff

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-12900

Products affected by CVE-2018-12900

Exploit prediction scoring system (EPSS) score for CVE-2018-12900

CVSS scores for CVE-2018-12900

CWE ids for CVE-2018-12900

References for CVE-2018-12900