Your submission was sent successfully! Close

CVE-2017-18013

Published: 1 January 2018

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

Priority

Negligible

CVSS 3 base score: 6.5

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
artful
Released (4.0.8-5ubuntu0.1)
precise Ignored

trusty
Released (4.0.3-7ubuntu0.8)
upstream
Released (4.0.9-3)
xenial
Released (4.0.6-1ubuntu0.3)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01

Notes

AuthorNote
mdeslaur
introduced in https://gitlab.com/libtiff/libtiff/commit/7057734d986001b7fd6d2afde9667da7754ff2cc which is 4.0.9 only
we will not be fixing this issue in precise/esm

References

Bugs