First published: Tue Aug 22 2023(Updated: )
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libtiff Libtiff | =4.0.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this heap buffer overflow in libtiff is CVE-2020-18768.
The affected software is libtiff version 4.0.10.
The severity of CVE-2020-18768 is medium with a CVSS score of 5.5.
An attacker can exploit this vulnerability by crafting a malicious tiff file that triggers a heap buffer overflow in libtiff.
Yes, a fix is available. It is recommended to update to a patched version of libtiff.