CVE-2018-18557 - log back

CVE-2018-18557 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ LibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
+ https://gitlab.com/libtiff/libtiff/merge_requests/38
+ https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66
Notes