VDB

GCVE-110-MAGEIA-2018-246

GCVE-110-MAGEIA-2018-246
Advisory Published
Vulnetix · Advisory published May 16, 2018
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. (CVE-2018-10963) In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. (CVE-2018-8905)

Affected Products

VendorProductVersionsPlatforms
Mageialibtiff0 (affected), 4.0.9-1.5.mga6 (unaffected)
Mageialibtiff0 (affected), 4.0.9-1.5.mga5 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›