CVE-2018-5784: Uncontrolled Resource Consumption in LibTIFF

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.4% (top 41.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 19; latest update May 14

Description

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: libtiff/libtiff 4.0.9
debian: debian/tiff < tiff 4.0.9-4 (bookworm)

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-phm4-fjr6-hf5x: In LibTIFF 4 (2022-05-14)
OSV: CVE-2018-5784: In LibTIFF 4 (2018-01-19)

📋 Vendor Advisories (4)

Ubuntu: LibTIFF vulnerabilities (2018-03-26)
Ubuntu: LibTIFF vulnerabilities (2018-03-20)
Red Hat: libtiff: uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c (2018-01-18)
Debian: CVE-2018-5784: tiff - In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDi... (2018)

💬 Community (4)

Bugzilla: CVE-2018-5784 libtiff: uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c [fedora-all] (2018-01-23)
Bugzilla: CVE-2018-5784 mingw-libtiff: libtiff: uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c [fedora-all] (2018-01-23)
Bugzilla: CVE-2018-5784 mingw-libtiff: libtiff: uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c [epel-7] (2018-01-23)
Bugzilla: CVE-2018-5784 libtiff: uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c (2018-01-23)