cvedb.io
CVE-2018-12900
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-06-26T22:29:00.257 · Last modified 2026-06-17T01:38:32.473

Summary

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

Affected products

libtiff — libtiff

Does this affect you?

Add your gear to cvedb and we'll alert you only when libtiff ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.