CVE-2019-6128

Published: 11/01/2019 Updated: 01/03/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Vulnerable Product

libtiff libtiff 4.0.10

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

opensuse leap 15.0

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #921157 tiff: CVE-2019-6128 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 2 Feb 2019 13:09:01 UTC Severity: normal Tags: security, upstream Found in version tiff/4.0.10-3 Fixed in ver ...
Debian Bug report logs - #902718 CVE-2018-12900 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 29 Jun 2018 21:03:01 UTC Severity: important Tags: security, upstream Found in version tiff/4.0.9-1 Fixed in version tif ...
Debian Bug report logs - #913675 tiff: CVE-2018-19210 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 13 Nov 2018 22:24:01 UTC Severity: important Tags: security, upstream Found in version tiff/4.0.9+git181026-1 ...
Debian Bug report logs - #908778 tiff: CVE-2018-17000: null pointer dereference flaw Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 13 Sep 2018 20:39:02 UTC Severity: important Tags: security, upstream Found in v ...
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb ...