Libtiff: >> Libtiff >> 4.0.10 Security Vulnerabilities
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-02-09
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVSS Score
8.8
EPSS Score
0.029
Published
2019-01-11
Page 6