CVE-2018-18661 — NULL Pointer Dereference in Libtiff

CWE-476 — NULL Pointer Dereference CWE-121 — Stack-based Buffer Overflow10 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 62.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Canonical Ubuntu Linux Libtiff

Timeline

PublishedOct 26

Latest updateMay 14

Description

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.9

▶debiandebian/tiff< tiff 4.0.10-1 (bookworm)

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Patch: bugzilla.maptools.org ↗Patch: bugzilla.maptools.org ↗

🔴Vulnerability Details

GHSA

GHSA-49q9-9f29-jccf: An issue was discovered in LibTIFF 4↗2022-05-14

▶

OSV

CVE-2018-18661: An issue was discovered in LibTIFF 4↗2018-10-26

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2019-01-22

▶

Red Hat

libtiff: tiff2bw tool failed memory allocation leads to crash↗2018-10-25

▶

Debian

CVE-2018-18661: tiff - An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in...↗2018

▶

💬Community

Bugzilla

CVE-2018-18661 mingw-libtiff: libtiff: tiff2bw tool failed memory allocation leads to crash [epel-7]↗2018-10-30

▶

Bugzilla

CVE-2018-18661 libtiff: tiff2bw tool failed memory allocation leads to crash [fedora-all]↗2018-10-30

▶

Bugzilla

CVE-2018-18661 mingw-libtiff: libtiff: tiff2bw tool failed memory allocation leads to crash [fedora-all]↗2018-10-30

▶

Bugzilla

CVE-2018-18661 libtiff: tiff2bw tool failed memory allocation leads to crash↗2018-10-30

▶