CVE-2017-18013MEDIUM
Description
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
References
http://bugzilla.maptools.org/show_bug.cgi?id=2770
http://www.securityfocus.com/bid/102345
https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html
https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html
https://usn.ubuntu.com/3602-1/
Details
Source: MITRE
Published: 2018-01-01
Updated: 2018-03-28
Type: CWE-476
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 123213 | openSUSE Security Update : tiff (openSUSE-2019-508) | Nessus | SuSE Local Security Checks | medium |
| 121910 | Photon OS 2.0: Libtiff PHSA-2018-2.0-0013 | Nessus | PhotonOS Local Security Checks | high |
| 120824 | Fedora 28 : libtiff (2018-d41d114d3e) | Nessus | Fedora Local Security Checks | medium |
| 120035 | SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2018:1889-1) | Nessus | SuSE Local Security Checks | medium |
| 111283 | Photon OS 2.0 : libtiff / openjdk8 / ruby (PhotonOS-PHSA-2018-2.0-0013) (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111099 | openSUSE Security Update : tiff (openSUSE-2018-728) | Nessus | SuSE Local Security Checks | medium |
| 110803 | SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1835-1) | Nessus | SuSE Local Security Checks | high |
| 110802 | openSUSE Security Update : tiff (openSUSE-2018-677) | Nessus | SuSE Local Security Checks | medium |
| 110763 | SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:1826-1) | Nessus | SuSE Local Security Checks | medium |
| 110388 | Fedora 27 : libtiff (2018-44c6f91560) | Nessus | Fedora Local Security Checks | medium |
| 110258 | SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1472-1) | Nessus | SuSE Local Security Checks | medium |
| 108657 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : LibTIFF vulnerabilities (USN-3606-1) | Nessus | Ubuntu Local Security Checks | high |
| 108513 | Ubuntu 14.04 LTS / 16.04 LTS : LibTIFF vulnerabilities (USN-3602-1) | Nessus | Ubuntu Local Security Checks | medium |
| 106700 | FreeBSD : tiff -- multiple vulnerabilities (b38e8150-0535-11e8-96ab-0800271d4b9c) | Nessus | FreeBSD Local Security Checks | medium |
| 106414 | Debian DSA-4100-1 : tiff - security update | Nessus | Debian Local Security Checks | medium |
| 106410 | Debian DLA-1260-1 : tiff3 security update | Nessus | Debian Local Security Checks | medium |
| 106409 | Debian DLA-1259-1 : tiff security update | Nessus | Debian Local Security Checks | medium |