Base Score

MEDIUM6.5

CVE-2018-18661

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

VectorNETWORK

Published Bycve@mitre.org

Published DateOct 26, 2018, 14:29

Weakness Type (CWE):CWE-476

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://bugzilla.maptools.org/show_bug.cgi?id=2819
http://www.securityfocus.com/bid/105762
https://access.redhat.com/errata/RHSA-2019:2053
https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
https://usn.ubuntu.com/3864-1/

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-476

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH