CVE-2019-7663

Published: 9 February 2019

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

Notes

Author	Note
msalvatore	gdal in bionic and later uses system libtiff
mdeslaur	same fixes as CVE-2018-17000 and CVE-2018-12900
ebarretto	marking openjpeg2 as not affected as it uses system libtiff

Priority

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package	Release	Status
chromium Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
gdal Launchpad, Ubuntu, Debian	bionic	Not vulnerable (uses system libtiff)
	cosmic	Not vulnerable (uses system libtiff)
	disco	Not vulnerable (uses system libtiff)
	eoan	Not vulnerable (uses system libtiff)
	focal	Not vulnerable (uses system libtiff)
	groovy	Not vulnerable (uses system libtiff)
	hirsute	Not vulnerable (uses system libtiff)
	impish	Not vulnerable (uses system libtiff)
	jammy	Not vulnerable (uses system libtiff)
	kinetic	Not vulnerable (uses system libtiff)
	lunar	Not vulnerable (uses system libtiff)
	mantic	Not vulnerable (uses system libtiff)
	trusty	Needed
	upstream	Needs triage
	xenial	Needed
openjpeg2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	cosmic	Ignored (end of life)
	disco	Not vulnerable
	eoan	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	lunar	Not vulnerable
	mantic	Not vulnerable
	trusty	Does not exist
	upstream	Needed
	xenial	Not vulnerable
qt4-x11 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (uses system libtiff)
	cosmic	Ignored (end of life)
	disco	Not vulnerable (uses system libtiff)
	eoan	Not vulnerable (uses system libtiff)
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Not vulnerable (uses system libtiff)
	upstream	Needs triage
	xenial	Not vulnerable (uses system libtiff)
qtimageformats-opensource-src Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Does not exist (trusty was needs-triage)
	upstream	Needs triage
	xenial	Needs triage
qtwebengine-opensource-src Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
texmaker Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (end of life)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Does not exist (trusty was needs-triage)
	upstream	Needs triage
	xenial	Needs triage
tiff Launchpad, Ubuntu, Debian	bionic	Released (4.0.9-5ubuntu0.2)
	cosmic	Released (4.0.9-6ubuntu0.2)
	disco	Not vulnerable (4.0.10-4)
	eoan	Not vulnerable (4.0.10-4)
	focal	Not vulnerable (4.0.10-4)
	groovy	Not vulnerable (4.0.10-4)
	hirsute	Not vulnerable (4.0.10-4)
	impish	Not vulnerable (4.0.10-4)
	jammy	Not vulnerable (4.0.10-4)
	kinetic	Not vulnerable (4.0.10-4)
	lunar	Not vulnerable (4.0.10-4)
	mantic	Not vulnerable (4.0.10-4)
	trusty	Released (4.0.3-7ubuntu0.11)
	upstream	Released (4.0.10-4)
	xenial	Released (4.0.6-1ubuntu0.6)
	Patches: upstream: https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39 upstream: https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01 other: https://gitlab.com/libtiff/libtiff/merge_requests/60 other: https://gitlab.com/libtiff/libtiff/merge_requests/44
tiff3 Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

Severity score breakdown

Parameter	Value
Base score	6.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Bugs

http://bugzilla.maptools.org/show_bug.cgi?id=2833

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›