UBUNTU-CVE-2018-12900
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2018-12900
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-12900.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-12900
- Related
- Published
- 2018-06-26T00:00:00Z
- Modified
- 2018-06-26T00:00:00Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
- References
Affected packages
Ubuntu:14.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.3-7ubuntu0.11?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.3-7ubuntu0.11
Affected versions
4.*
4.0.2-4ubuntu3
4.0.3-5ubuntu1
4.0.3-6
4.0.3-6ubuntu1
4.0.3-7
4.0.3-7ubuntu0.1
4.0.3-7ubuntu0.2
4.0.3-7ubuntu0.3
4.0.3-7ubuntu0.4
4.0.3-7ubuntu0.6
4.0.3-7ubuntu0.7
4.0.3-7ubuntu0.8
4.0.3-7ubuntu0.9
4.0.3-7ubuntu0.10
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libtiff-doc": "4.0.3-7ubuntu0.11",
"libtiff5-dbgsym": "4.0.3-7ubuntu0.11",
"libtiff-opengl": "4.0.3-7ubuntu0.11",
"libtiffxx5-dbgsym": "4.0.3-7ubuntu0.11",
"libtiff4-dev": "4.0.3-7ubuntu0.11",
"libtiff-opengl-dbgsym": "4.0.3-7ubuntu0.11",
"libtiff-tools-dbgsym": "4.0.3-7ubuntu0.11",
"libtiff5": "4.0.3-7ubuntu0.11",
"libtiff5-alt-dev": "4.0.3-7ubuntu0.11",
"libtiff-tools": "4.0.3-7ubuntu0.11",
"libtiffxx5": "4.0.3-7ubuntu0.11",
"libtiff5-dev": "4.0.3-7ubuntu0.11"
}
]
}
Ubuntu:16.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.6-1ubuntu0.6?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.6-1ubuntu0.6
Affected versions
4.*
4.0.3-12.3ubuntu2
4.0.5-1
4.0.6-1
4.0.6-1ubuntu0.1
4.0.6-1ubuntu0.2
4.0.6-1ubuntu0.3
4.0.6-1ubuntu0.4
4.0.6-1ubuntu0.5
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libtiff-doc": "4.0.6-1ubuntu0.6",
"libtiff5-dbgsym": "4.0.6-1ubuntu0.6",
"libtiff-opengl": "4.0.6-1ubuntu0.6",
"libtiffxx5-dbgsym": "4.0.6-1ubuntu0.6",
"libtiff-opengl-dbgsym": "4.0.6-1ubuntu0.6",
"libtiff-tools-dbgsym": "4.0.6-1ubuntu0.6",
"libtiff5": "4.0.6-1ubuntu0.6",
"libtiff-tools": "4.0.6-1ubuntu0.6",
"libtiffxx5": "4.0.6-1ubuntu0.6",
"libtiff5-dev": "4.0.6-1ubuntu0.6"
}
]
}
Ubuntu:18.04:LTS / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/ubuntu/tiff@4.0.9-5ubuntu0.2?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.9-5ubuntu0.2
Affected versions
4.*
4.0.8-5
4.0.8-6
4.0.9-1
4.0.9-2
4.0.9-3
4.0.9-4
4.0.9-4ubuntu1
4.0.9-5
4.0.9-5ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libtiff-doc": "4.0.9-5ubuntu0.2",
"libtiff5-dbgsym": "4.0.9-5ubuntu0.2",
"libtiff-opengl": "4.0.9-5ubuntu0.2",
"libtiffxx5-dbgsym": "4.0.9-5ubuntu0.2",
"libtiff-opengl-dbgsym": "4.0.9-5ubuntu0.2",
"libtiff-tools-dbgsym": "4.0.9-5ubuntu0.2",
"libtiff5": "4.0.9-5ubuntu0.2",
"libtiff-dev": "4.0.9-5ubuntu0.2",
"libtiff-tools": "4.0.9-5ubuntu0.2",
"libtiffxx5": "4.0.9-5ubuntu0.2",
"libtiff5-dev": "4.0.9-5ubuntu0.2"
}
]
}