Bug 1530440 (CVE-2017-18013) - CVE-2017-18013 libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes crash
Summary: CVE-2017-18013 libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDire...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-18013
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20171229,repor...
Depends On: 1530441
Blocks: 1530443
TreeView+ depends on / blocked
 
Reported: 2018-01-03 04:01 UTC by Sam Fowler
Modified: 2019-06-08 22:35 UTC (History)
3 users (show)

Fixed In Version: libtiff 4.0.9-3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-01-08 05:42:09 UTC


Attachments (Terms of Use)

Description Sam Fowler 2018-01-03 04:01:56 UTC
LibTIFF 4.0.9 is vulnerable to a crash caused by a NULL pointer dereference in the TIFFPrintDirectory function in tif_print.c. An attacker could exploit this by supplying a specially crafted TIFF image, leading to a denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18013
http://www.cvedetails.com/cve/CVE-2017-18013/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
http://bugzilla.maptools.org/show_bug.cgi?id=2770

Comment 1 Sam Fowler 2018-01-03 04:03:12 UTC
Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 1530441]

Comment 2 Huzaifa S. Sidhpurwala 2018-01-08 05:41:27 UTC
It seems this flaw is triggered by the following changeset:
https://gitlab.com/libtiff/libtiff/commit/7057734d986001b7fd6d2afde9667da7754ff2cc

This was introduced in tiff-4.0.9, therefore older versions are not affected.


Note You need to log in before you can comment on or make changes to this bug.