CVE-2019-7663
Description
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- osv-coords12 versionspkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 4.0.9-lp150.4.16.1+ 11 more
- (no CPE)range: < 4.0.9-lp150.4.16.1
- (no CPE)range: < 4.3.0-1.3
- (no CPE)range: < 4.0.9-44.42.1
- (no CPE)range: < 4.0.9-5.27.5
- (no CPE)range: < 4.0.9-5.27.5
- (no CPE)range: < 4.0.9-5.27.5
- (no CPE)range: < 4.0.9-44.42.1
- (no CPE)range: < 4.0.9-44.42.1
- (no CPE)range: < 4.0.9-44.42.1
- (no CPE)range: < 4.0.9-44.42.1
- (no CPE)range: < 4.0.9-44.42.1
- (no CPE)range: < 4.0.9-44.42.1
Patches
Vulnerability mechanics
Root cause
"An integer overflow in the calculation of `tilew*spp` leads to an invalid address dereference."
Attack vector
Remote attackers can leverage this vulnerability by providing a crafted TIFF file to the `tiffcp` utility. This crafted file causes an integer overflow during the processing of tile dimensions and samples per pixel. The overflow leads to a segmentation fault, resulting in a denial-of-service condition [ref_id=1].
Affected code
The vulnerability resides in the `cpSeparateBufToContigBuf` function within `tiffcp.c`, specifically at line 1245. The issue arises from the calculation `tilew*spp` which can overflow.
What the fix does
The patch introduces a check to prevent integer overflow when calculating `tilew * spp`. Specifically, it verifies if `0x7fffffff / tilew < spp` before performing the multiplication. This ensures that the product does not exceed the maximum value for a 32-bit signed integer, thus preventing the subsequent invalid memory access and crash [ref_id=1].
Preconditions
- inputA specially crafted TIFF file.
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.htmlmitrevendor-advisoryx_refsource_SUSE
- security.gentoo.org/glsa/202003-25mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/3906-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3906-2/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4670mitrevendor-advisoryx_refsource_DEBIAN
- bugzilla.maptools.org/show_bug.cgimitrex_refsource_MISC
- gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2019/02/msg00026.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.