CVE-2017-18013

Published: 01 January 2018

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

Priority

Negligible

CVSS 3 base score: 6.5

Status

Package: tiff (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Released (4.0.9-3)
Ubuntu 16.04 ESM (Xenial Xerus)    Released (4.0.6-1ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr)     Released (4.0.3-7ubuntu0.8)
Patches:
Upstream: https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01

Notes

Author: mdeslaur
Note:
introduced in https://gitlab.com/libtiff/libtiff/commit/7057734d986001b7fd6d2afde9667da7754ff2cc which is 4.0.9 only
we will not be fixing this issue in precise/esm
