First published: Sun Jan 14 2018
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libtiff Libtiff | <4.0.6 | |
Graphicsmagick Graphicsmagick | =1.3.27 | |
The vulnerability ID is CVE-2018-5360.
The severity of CVE-2018-5360 is high with a score of 8.8.
LibTIFF versions before 4.0.6 and GraphicsMagick version 1.3.27 are affected.
The CWE number associated with CVE-2018-5360 is 125.
To fix CVE-2018-5360, update LibTIFF to version 4.0.6 or later, and GraphicsMagick to version 1.3.28 or later.