{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T20:12:52.879","vulnerabilities":[{"cve":{"id":"CVE-2018-3981","sourceIdentifier":"talos-cna@cisco.com","published":"2018-10-01T20:29:00.827","lastModified":"2024-11-21T04:06:25.807","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution."},{"lang":"es","value":"Existe una de escritura fuera de límites explotable en la funcionalidad de análisis sintáctico de TIFF de Canvas Draw 5.0.0. Un atacante puede enviar una imagen TIFF para desencadenar esta vulnerabilidad y una ejecución de código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:canvasgfx:canvas_draw:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8E8C54DC-AD98-4382-8BC0-C83CED96E8B7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/106809","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0649","source":"talos-cna@cisco.com","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651","source":"talos-cna@cisco.com","tags":["Exploit","Not Applicable","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/106809","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0649","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Not Applicable","Third Party Advisory"]}]}}]}