Bug 1595575 (CVE-2018-12900)
Summary: | CVE-2018-12900 libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution
---|---
Product: | [Other] Security Response
Component: | vulnerability
Version: | unspecified
Hardware: | All
OS: | Linux
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Reporter: | Andrej Nemec <anemec>
Assignee: | Red Hat Product Security <security-response-team>
CC: | erik-fedora, mike, nforro, phracek, tgl
Keywords: | Security
Doc Type: | If docs needed, set a value
Last Closed: | 2019-08-06 19:19:16 UTC
Bug Depends On: | 1595576, 1595577, 1595578, 1595579, 1600430
Bug Blocks: | 1595581

Description
Andrej Nemec
2018-06-27 07:48:55 UTC
Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 1595576]

Created mingw-libtiff tracking bugs for this issue:

Affects: epel-7 [bug 1595578]
Affects: fedora-all [bug 1595577]

Raised CVSSv3 to 5.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L because I do not exclude something more than a simple crash is possible with this flaw. Indeed you can overwrite many bytes after the limits of a heap-allocated buffer, thus code execution through heap manipulation is not excluded.

The flaw is in the tiffcp binary and not in the libtiff library, thus programs that use libtiff are not affected.

Patch is not available upstream yet.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:2053

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-12900

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2019:3419 https://access.redhat.com/errata/RHSA-2019:3419