CVE-2018-8905

Severity High
Remote Yes
Type Arbitrary code execution
Description
In LibTIFF before 4.0.10, a heap-based buffer overflow (out-of-bounds write) occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by the tiff2ps tool.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-813 | libtiff | 4.0.9-1 | 4.0.9-2 | High | Fixed | |
| AVG-791 | lib32-libtiff | 4.0.9-1 | 4.0.10-1 | High | Fixed | FS#60599 |
| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 20 Nov 2018 | ASA-201811-18 | AVG-791 | lib32-libtiff | High | multiple issues |
References
http://bugzilla.maptools.org/show_bug.cgi?id=2780
https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d