Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information

Name : CVE-2018-18557
First vendor Publication : 2018-10-22
Vendor : Cve
Last vendor Modification : 2019-05-09

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8 - Attack Range : Network
Cvss Impact Score : 6.4 - Attack Complexity : Medium
Cvss Exploit Score : 8.6 - Authentication : None Required

Detail

LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

CWE : Common Weakness Enumeration

% : 100 % - id : CWE-787 - Name : Out-of-bounds Write (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type : Application - Count : 1
Type : Os - Count : 4
Type : Os - Count : 2

Snort® IPS/IDS

Date : 2019-09-19 - Description : Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51097 - Revision : 2 - Type : FILE-IMAGE
Date : 2019-09-19 - Description : Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51096 - Revision : 2 - Type : FILE-IMAGE
Date : 2019-09-19 - Description : Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51095 - Revision : 2 - Type : FILE-IMAGE
Date : 2019-09-19 - Description : Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51094 - Revision : 2 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date : 2019-01-03 - Name : The remote Fedora host is missing a security update.
File : fedora_2018-67a6bf4ac1.nasl - Type : ACT_GATHER_INFO
Date : 2019-01-03 - Name : The remote Fedora host is missing a security update.
File : fedora_2018-bd18c784de.nasl - Type : ACT_GATHER_INFO
Date : 2018-12-01 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4349.nasl - Type : ACT_GATHER_INFO
Date : 2018-11-26 - Name : The remote Fedora host is missing a security update.
File : fedora_2018-399bce9f8f.nasl - Type : ACT_GATHER_INFO
Date : 2018-10-29 - Name : The remote Debian host is missing a security update.
File : debian_DLA-1557.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source : DEBIAN - Url : https://www.debian.org/security/2018/dsa-4349
Source : EXPLOIT-DB - Url : https://www.exploit-db.com/exploits/45694/
Source : GENTOO - Url : https://security.gentoo.org/glsa/201904-15
Source : MISC - Url : https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46a...
Source : MISC - Url : https://gitlab.com/libtiff/libtiff/merge_requests/38
Source : MLIST - Url : https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html
Source : UBUNTU - Url : https://usn.ubuntu.com/3864-1/
Source : UBUNTU - Url : https://usn.ubuntu.com/3906-2/

Alert History

Date : 2019-05-10 05:18:56 - Information : Multiple Updates
Date : 2019-04-16 05:18:46 - Information : Multiple Updates
Date : 2019-03-21 21:19:18 - Information : Multiple Updates
Date : 2019-03-05 21:19:20 - Information : Multiple Updates
Date : 2019-01-23 17:19:22 - Information : Multiple Updates
Date : 2018-12-05 00:19:01 - Information : Multiple Updates
Date : 2018-12-01 17:19:00 - Information : Multiple Updates
Date : 2018-10-29 17:19:23 - Information : Multiple Updates
Date : 2018-10-22 21:20:14 - Information : First insertion