QwikSec

Security Database

CVE

CWE

Training

CVE-2018-7456

Published: Feb 24, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_DEBIAN

https://github.com/xiaoqx/pocs/tree/master/libtiff

x_refsource_MISC

http://bugzilla.maptools.org/show_bug.cgi?id=2778

x_refsource_MISC

[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update

mailing-list

x_refsource_MLIST

https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.