CVE-2020-18768: Buffer Overflow
First published: Tue Aug 22 2023(Updated: )
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libtiff Libtiff | =4.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this heap buffer overflow in libtiff?
The vulnerability ID for this heap buffer overflow in libtiff is CVE-2020-18768.
What is the affected software?
The affected software is libtiff version 4.0.10.
What is the severity of CVE-2020-18768?
The severity of CVE-2020-18768 is medium with a CVSS score of 5.5.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by crafting a malicious tiff file that triggers a heap buffer overflow in libtiff.
Is there a fix available for this vulnerability?
Yes, a fix is available. It is recommended to update to a patched version of libtiff.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/libtiff
- canonical/libtiff libtiff
- version/libtiff libtiff/4.0.10