CVE-2020-18768
Description
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17- osv-coords15 versionspkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 4.0.9-150000.45.32.1+ 14 more
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-150000.45.32.1
- (no CPE)range: < 4.0.9-44.71.1
- (no CPE)range: < 4.0.9-44.71.1
- (no CPE)range: < 4.0.9-44.71.1
Patches
Vulnerability mechanics
Root cause
"A heap buffer overflow exists in the _TIFFmemcpy function within tif_unix.c."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted TIFF file to an application that uses libtiff version 4.0.10. The vulnerability is triggered when the application attempts to process this malicious file, leading to a heap buffer overflow during memory copy operations [ref_id=1]. This overflow can be exploited to cause a denial-of-service.
Affected code
The vulnerability resides in the _TIFFmemcpy function located in the file tif_unix.c within libtiff version 4.0.10 [ref_id=1]. The crash occurs during the execution of _TIFFmemcpy, as indicated by the AddressSanitizer output which points to line 346 of tif_unix.c [ref_id=1].
What the fix does
The provided bundle does not contain information about a patch or specific remediation steps. Therefore, the advisory does not specify how the vulnerability is fixed. Users are advised to consult the vendor for the latest security updates and patches.
Preconditions
- inputA crafted TIFF file that exploits the heap buffer overflow vulnerability.
- configThe affected system must be using libtiff version 4.0.10.
Reproduction
The reference write-up includes a proof-of-concept attachment and command line execution that can reproduce the crash: `./tiffcp -i $poc /tmp/foo` [ref_id=1].
Generated on Jun 6, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1News mentions
0No linked articles in our index yet.