Vulnerabilities |
2 via 6 paths |
|---|---|
Dependencies |
413 |
Source |
Docker |
Target OS |
ubuntu:17.10 |
low severity
- Vulnerable module: tiff/libtiff5
- Introduced through: tiff/libtiff5@4.0.8-5ubuntu0.1, tiff/libtiff5-dev@4.0.8-5ubuntu0.1 and others
Detailed paths
-
Introduced through: buildpack-deps@17.10 › tiff/libtiff5@4.0.8-5ubuntu0.1
-
Introduced through: buildpack-deps@17.10 › tiff/libtiff5-dev@4.0.8-5ubuntu0.1
-
Introduced through: buildpack-deps@17.10 › tiff/libtiffxx5@4.0.8-5ubuntu0.1
NVD Description
Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Ubuntu.
See How to fix? for Ubuntu:17.10 relevant fixed versions and status.
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Remediation
There is no fixed version for Ubuntu:17.10 tiff.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12900
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
- https://www.debian.org/security/2020/dsa-4670
- https://security-tracker.debian.org/tracker/CVE-2018-12900
- http://bugzilla.maptools.org/show_bug.cgi?id=2798
- https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900
- https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
- https://access.redhat.com/errata/RHSA-2019:2053
- https://access.redhat.com/errata/RHSA-2019:3419
- https://usn.ubuntu.com/3906-1/
- https://usn.ubuntu.com/3906-2/
low severity
- Vulnerable module: tiff/libtiff5
- Introduced through: tiff/libtiff5@4.0.8-5ubuntu0.1, tiff/libtiff5-dev@4.0.8-5ubuntu0.1 and others
Detailed paths
-
Introduced through: buildpack-deps@17.10 › tiff/libtiff5@4.0.8-5ubuntu0.1
-
Introduced through: buildpack-deps@17.10 › tiff/libtiff5-dev@4.0.8-5ubuntu0.1
-
Introduced through: buildpack-deps@17.10 › tiff/libtiffxx5@4.0.8-5ubuntu0.1
NVD Description
Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Ubuntu.
See How to fix? for Ubuntu:17.10 relevant fixed versions and status.
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
Remediation
There is no fixed version for Ubuntu:17.10 tiff.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10779
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779
- https://security-tracker.debian.org/tracker/CVE-2018-10779
- http://bugzilla.maptools.org/show_bug.cgi?id=2788
- https://access.redhat.com/errata/RHSA-2019:2053
- http://www.securityfocus.com/bid/104089
- https://usn.ubuntu.com/3906-1/
- https://usn.ubuntu.com/3906-2/