<p>Upgrade <code>RHEL:7</code> <code>libtiff-devel</code> to version 0:4.0.3-32.el7 or higher.<br>This issue was patched in <code>RHSA-2019:2053</code>.</p>

Reachable Assertion Affecting libtiff-devel package, versions <0:4.0.3-32.el7

Snyk CVSS

Attack Complexity Low

User Interaction Required

Threat Intelligence

EPSS 0.74% (81^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RHEL7-LIBTIFFDEVEL-1511857
published 26 Jul 2021
disclosed 9 May 2018

Report a new vulnerability Found a mistake?

Introduced: 9 May 2018

CVE-2018-10963 Open this link in a new tab CWE-617 Open this link in a new tab

How to fix?

Upgrade RHEL:7 libtiff-devel to version 0:4.0.3-32.el7 or higher.
This issue was patched in RHSA-2019:2053.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libtiff-devel package and not the libtiff-devel package as distributed by RHEL. See How to fix? for RHEL:7 relevant fixed versions and status.

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.