CVE-2020-18768: Buffer Overflow
First published: Tue Aug 22 2023(Updated: )
LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in _TIFFmemcpy at tif_unix.c when parsing TIFF files. By persuading a victim to open a specially crafted TIFF file, a remote attacker could exploit this vulnerability to cause a denial of service.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libtiff Libtiff | =4.0.10 | |
| IBM Cognos Analytics | <=12.0.0-12.0.3 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this heap buffer overflow in libtiff?
The vulnerability ID for this heap buffer overflow in libtiff is CVE-2020-18768.
What is the affected software?
The affected software is libtiff version 4.0.10.
What is the severity of CVE-2020-18768?
The severity of CVE-2020-18768 is medium with a CVSS score of 5.5.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by crafting a malicious tiff file that triggers a heap buffer overflow in libtiff.
Is there a fix available for this vulnerability?
Yes, a fix is available. It is recommended to update to a patched version of libtiff.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/libtiff
- canonical/libtiff libtiff
- version/libtiff libtiff/4.0.10
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.3
- version/ibm cognos analytics/11.2.0-11.2.4 fp4