VDB
DEBIAN-CVE-2018-18557
DEBIAN-CVE-2018-18557
PUBLISHED
CVSS 8.800000190734863 HIGH
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
Risk Scores
CVSS 3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | tiff | 0, 0, 0 |
| Debian:11 | tiff | 0, 0, 0 |
| Debian:14 | tiff | 0, 0, 0 |
| Debian:12 | tiff | 0, 0, 0 |
Timeline
- Oct 22, 2018 CVE Published
- Apr 28, 2026 CVE Updated