CVE-2018-10963 : The TIFFWriteDirectorySec() function in tif

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.

Published 2018-05-10 02:29:01

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2018-10963

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Libtiff » Libtiff
Versions up to, including, (<=) 4.0.9
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-10963

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 37 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-10963

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-10963

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-10963

http://bugzilla.maptools.org/show_bug.cgi?id=2795

Bug 2795 – There is a reachable assertion abort in function TIFFWriteDirectorySec() of libtiff 4.0.9. A crafted input will lead to remote denial of attack. (CVE-2018-10963)
Exploit;Issue Tracking;Third Party Advisory
https://usn.ubuntu.com/3864-1/

USN-3864-1: LibTIFF vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4349

Debian -- Security Information -- DSA-4349-1 tiff
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html

[SECURITY] [DLA 1411-1] tiff security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:2053

RHSA-2019:2053 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-10963

Products affected by CVE-2018-10963

Exploit prediction scoring system (EPSS) score for CVE-2018-10963

CVSS scores for CVE-2018-10963

CWE ids for CVE-2018-10963

References for CVE-2018-10963