An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "186767229891473563274791702224467613217", "19481069840066620359853707821813487969", "52036967966178718200882280771518880600", "205253912760579363233619821217339056782", "65357827389285656138329724700151139238", "316004082998730054425576374731708826911", "291094780492294955417275808369610628831", "88395608207003517829085251503399108020", "241257191188706293250932588388811400347" ], "threshold": 0.9 }, "target": { "file": "libtiff/tif_dirwrite.c" }, "signature_type": "Line", "source": "https://gitlab.com/libtiff/libtiff@802d3cbf3043be5dce5317e140ccb1c17a6a2d39", "deprecated": false, "signature_version": "v1", "id": "CVE-2019-7663-286a357a" }, { "digest": { "length": 1388.0, "function_hash": "83226123827981840915355884833144387677" }, "target": { "function": "TIFFWriteDirectoryTagTransferfunction", "file": "libtiff/tif_dirwrite.c" }, "signature_type": "Function", "source": "https://gitlab.com/libtiff/libtiff@802d3cbf3043be5dce5317e140ccb1c17a6a2d39", "deprecated": false, "signature_version": "v1", "id": "CVE-2019-7663-d9d4ebe4" } ] }