CVE-2018-17000 — NULL Pointer Dereference in Tiff
Severity
6.5MEDIUMNVD
EPSS
1.2%
top 21.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 13
Latest updateMay 14
Description
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages2 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10
🔴Vulnerability Details
2📋Vendor Advisories
4💬Community
5Bugzilla▶
CVE-2019-7663 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference↗2019-02-15
Bugzilla
▶
Bugzilla▶
CVE-2018-17000 mingw-libtiff: libtiff: NULL pointer dereference in function _TIFFmemcmp at tif_unix.c [fedora-all]↗2018-09-17
Bugzilla▶
CVE-2018-17000 mingw-libtiff: libtiff: NULL pointer dereference in function _TIFFmemcmp at tif_unix.c [epel-7]↗2018-09-17
Bugzilla▶
CVE-2018-17000 libtiff: NULL pointer dereference in function _TIFFmemcmp at tif_unix.c [fedora-all]↗2018-09-17