Questions re: CVE-2018-4903 virus(?)

Report · Mar 11, 2018

I have 260 TIFF files that have apparently been infected with TIFF:CVE-2018-4903. Adobe's explanation states:

"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure."

My husband insists that they're picture files, so couldn't possibly be harmful. They're on my C drive as well as my backup drive (including older backup information from a previous computer). AVG ranks them as high severity and wants to put them in quarantine, but I don't want all these picture files to become inaccessible (not sure if they will be or not, or if pulling one back up will also bring back the vulnerability). Adobe's fix is to update. I checked my Adobe Reader DC (product version 18.11.20038.267465 / file v. 18.11.20038.5321) and it says no updates are available at this time. My Acrobat Professional (v. 8.0.0) says there are no updates at this time, but that some updates can't be confirmed at this time. Does that mean they're both up to date or that updates are no longer available? Do I need to obtain a newer version of either and/or both? And what do I do about the 260 infected files? Should I disable my backup until this is resolved (scheduled for tonight, as luck would have it...).

Thank you!

Report · Mar 11, 2018

Your Reader is newer than the reported versions. Acrobat 8 will have no fixes. You should be able to open and resave with any non-affected TIFF editor. Reader and Acrobat May be vulnerable or not but can’t edit TIFF.

Report · Mar 11, 2018

Thank you, Test Screen Name. My husband wants to know, since I never use Adobe to open or save any TIFFs (and really only use JPGs at this point) and most of these are older files, is there really a danger of whatever this thing is being activated? He thinks it must've been there for years, since it's attached to TIFFs in my old backup. It looks to me like it's a more recent issue that's gone in and attached itself to any and all TIFFs it could find. I don't know if AVG just found it because it just got in or because I changed the virus scan parameters. In any case, I just want to confirm that I'll be able to access the photos, if I need to, if I go ahead and have them quarantined. With any luck I won't need any of them, but ya never know...

Thanks again!

Report · Apr 19, 2018

Hi harplu$ter,

Why are you opening TiFF files in Adobe Reader in the first place that is confusing?

If you have the latest version of Reader installed and are missing some updates, launch Acrobat Reader>Help>Check for updates. That should install all updates including security patches.

-Tariq Dar

Report · Apr 19, 2018

The issue is with TIFF files that are encoded inside a PDF. Reader is not capable of opening TIFF files on their own.
If you have an updated version of Reader it should not be an issue. Acrobat 8, on the other hand, is very outdated and will certainly have some security issues. You can, and should, install all the available updates to it, which are available here:

ftp://ftp.adobe.com/pub/adobe/acrobat/win/8.x/

The real solution, though, is to purchase the current version.

Report · Apr 19, 2018

Hmm, but there is no way to encode a TIFF file inside a PDF either... except by converting it to standard PDF constructs, no longer connected to TIFF...