HTTP: LibTIFF JBIGDecode Heap Buffer Overflow

A heap buffer overflow vulnerability has been reported in LibTIFF. The vulnerability is due to insufficient length checks while processing TIFF files compressed with JBIG. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open a crafted TIFF file compressed with JBIG with an application that uses LibTIFF. Successful exploitation could result in the execution of arbitrary code under the security context of the program using LibTIFF.

Extended Description

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

Affected Products

Debian debian_linux

References

CVE: CVE-2018-18557

Short Name
HTTP:STC:IMG:LIBTIFF-JBIG-BOF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2018-18557 Heap JBIGDecode LibTIFF Overflow
Release Date
01/22/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Libtiff

Debian

Canonical

CVSS Score

6.8

Found a potential security threat?