Skip to content

Latest commit

 

History

History

CVE-2018-18557

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

CVE-2018-18557

Software

libtiff

Reported Version

4.0.9

Cmd

tiffcp -i $FILE /tmp/foo

Description

We get the reference PoC (https://www.exploit-db.com/exploits/45694/) from links provided in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

We manually prove the existence of this vulnerability on other versions (4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9), while the reference PoC fails to trigger it on these versions.

We provide PoCs works for these versions.