CVE-2019-6128

Severity

68%

Complexity

86%

Confidentiality

106%

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

CVSS 3.0 Base Score 8.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 6 years ago

2019-01-11 05:29:00

Last updated 5 years ago

2019-11-05 10:15:00

Affected Software

LibTIFF 4.0.10

4.0.10

Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

Canonical Ubuntu Linux 18.04 LTS Edition

18.04

Canonical Ubuntu Linux 18.10

18.10

openSUSE Leap 15.0

15.0

References

http://bugzilla.maptools.org/show_bug.cgi?id=2836

Exploit, Issue Tracking, Third Party Advisory

openSUSE-SU-2019:1161

Mailing List, Third Party Advisory

http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html

https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8

Patch, Third Party Advisory

[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update

20191104 [slackware-security] libtiff (SSA:2019-308-01)

GLSA-202003-25

USN-3906-1

Third Party Advisory

USN-3906-2

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.