CVE-2018-18557
Severity: HIGH
LibTIFF 3.9.3-4.0.9 - Out-of-bounds Write in JBIG Decoder
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-18557. PoCs published by Google Security Research.
AI-analyzed exploit summary: This exploit demonstrates a heap-based buffer overflow in libtiff (up to 4.0.9) due to the JBIGDecode function ignoring buffer size constraints. The PoC generates a malformed TIFF file that triggers the vulnerability, allowing arbitrary data to be written beyond allocated buffer boundaries.
Description
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
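The bug class in the description, shown as an added example (not libtiff source and not part of the original entry): the copy length is taken from the decoded image alone, and the checked form compares it against the destination size before copying. All names here (copy_decoded_checked, copy_status, oversized_decode_is_contained) and the zero-fill on a short decode are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not libtiff source.
 * decoded/decoded_size: image returned by the JBIG decoder (size set by the file).
 * buffer/size: caller's strip buffer (size derived from the TIFF tags). */
typedef enum { COPY_REJECTED = -1, COPY_OK = 0, COPY_SHORT = 1 } copy_status;

/* Pattern the description reports: the copy length comes only from the decoded data:
 *     memcpy(buffer, decoded, decoded_size);    // `size` is never consulted
 * Checked form: refuse any decoded image larger than the destination. */
copy_status copy_decoded_checked(unsigned char *buffer, size_t size,
                                 const unsigned char *decoded, size_t decoded_size)
{
    if (buffer == NULL || decoded == NULL)
        return COPY_REJECTED;
    if (decoded_size > size)
        return COPY_REJECTED;            /* would write past the end of buffer */
    memcpy(buffer, decoded, decoded_size);
    if (decoded_size < size) {           /* short decode: leave no stale bytes */
        memset(buffer + decoded_size, 0, size - decoded_size);
        return COPY_SHORT;
    }
    return COPY_OK;
}

/* Constructed case: 16-byte strip buffer followed by a guard, 64 decoded bytes.
 * Returns 1 when the copy is rejected and both buffer and guard are untouched. */
int oversized_decode_is_contained(void)
{
    struct { unsigned char strip[16]; unsigned char guard[8]; } dst;
    unsigned char decoded[64];
    size_t i;
    memset(dst.strip, 0x11, sizeof dst.strip);
    memset(dst.guard, 0x5A, sizeof dst.guard);
    memset(decoded, 0xAA, sizeof decoded);
    if (copy_decoded_checked(dst.strip, sizeof dst.strip, decoded, sizeof decoded) != COPY_REJECTED)
        return 0;
    for (i = 0; i < sizeof dst.guard; i++)
        if (dst.guard[i] != 0x5A) return 0;
    return dst.strip[0] == 0x11 && dst.strip[15] == 0x11;
}

int main(void)
{
    printf("oversized decode contained: %d\n", oversized_decode_is_contained());
    return 0;
}
```

Treating an oversized decode as a hard error, rather than truncating it, also surfaces the malformed file to the caller instead of silently returning partial image data.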
Exploits (1)
References (10)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H