Vulnerability Name: | CVE-2018-15209 (CCN-148105) | ||||||||||||||||||||||||||||||||
Assigned: | 2018-08-07 | ||||||||||||||||||||||||||||||||
Published: | 2018-08-07 | ||||||||||||||||||||||||||||||||
Updated: | 2020-08-24 | ||||||||||||||||||||||||||||||||
Summary: | ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 8.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
3.0 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:R)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-787 | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||
References: | Source: CCN Type: Bug 2808 heap-buffer-overflow in tiff2pdf Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory http://bugzilla.maptools.org/show_bug.cgi?id=2808 Source: MITRE Type: CNA CVE-2018-15209 Source: CCN Type: IBM Security Bulletin 881778 (VRA - Vyatta 5600) Vyatta 5600 vRouter Software Patches - Release 1801-v Source: BID Type: Third Party Advisory, VDB Entry 105092 Source: CCN Type: BID-105092 LibTIFF CVE-2018-15209 Heap Based Buffer Overflow Vulnerability Source: CCN Type: LibTIFF Web site LibTIFF Source: XF Type: UNKNOWN libtiff-cve201815209-dos(148105) Source: DEBIAN Type: Third Party Advisory DSA-4349 Source: CCN Type: IBM Security Bulletin 6572711 (Netezza Analytics for NPS) Gdal vulnerabilities affect IBM Netezza Analytics for NPS Source: CCN Type: IBM Security Bulletin 6833582 (Cloud Pak for Security) IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |