CVE-2018-7456: NULL Pointer Dereference in Tiff

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.7% (top 28.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 24 | Latest update May 13

Description

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: libtiff/libtiff 4.0.9
debian: debian/tiff < tiff 4.0.9-5 (bookworm)

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Vulnerability Details (2)

GHSA: GHSA-43j5-gmq7-54cr: A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print (2022-05-13)
OSV: CVE-2018-7456: A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print (2018-02-24)

Vendor Advisories (3)

Ubuntu: LibTIFF vulnerabilities (2019-01-22)
Red Hat: libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (2018-02-24)
Debian: CVE-2018-7456: tiff - A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_prin... (2018)

Community (2)

Bugzilla: CVE-2018-7456 libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service [fedora-all] (2018-03-15)
Bugzilla: CVE-2018-7456 libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (2018-03-15)