CVE-2018-7456

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-7456
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7456.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-7456
Downstream
Related
Published
2018-02-24T06:29:00Z
Modified
2025-10-14T16:32:30.882536Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
be4c85b16e8801a16eec25e80eb9f3dd6a96731b
Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

v3.*

v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2

v4.*

v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2018-7456-2b4754e2",
            "signature_type": "Line",
            "target": {
                "file": "libtiff/tif_print.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "34583969753986054719441197622849502612",
                    "84357797237757663714675035969338159885",
                    "49276762148639282215011376252495684977",
                    "159972419896207215456600915911226522624"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://gitlab.com/libtiff/libtiff@be4c85b16e8801a16eec25e80eb9f3dd6a96731b"
        },
        {
            "id": "CVE-2018-7456-3f789ec8",
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_dirread.c",
                "function": "TIFFReadDirectory"
            },
            "signature_version": "v1",
            "digest": {
                "length": 15750.0,
                "function_hash": "249155504209871612604592134427141272210"
            },
            "deprecated": false,
            "source": "https://gitlab.com/libtiff/libtiff@be4c85b16e8801a16eec25e80eb9f3dd6a96731b"
        },
        {
            "id": "CVE-2018-7456-41eb7abc",
            "signature_type": "Line",
            "target": {
                "file": "libtiff/tif_dirread.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "151236167089328093800155427129988450403",
                    "29527367330554074330525017639318561601",
                    "331342295405348160418709638717073919851",
                    "37158704691211454594356526442508833948",
                    "113988872953227167942243030915917190850",
                    "217977255141315749192365297820863529054",
                    "262442293337999918738821387382736178874",
                    "43380298599158644641616099738336612487",
                    "190605399355420614280669035574449904392",
                    "53738916860654039232794734900171841566",
                    "144793703646904908955972730992105473359",
                    "328940481971495652685943001845163846725",
                    "78582549672764719712755235806850455943",
                    "18490697804396230632408432117234630633",
                    "88895387933003049356504067916598809154"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://gitlab.com/libtiff/libtiff@be4c85b16e8801a16eec25e80eb9f3dd6a96731b"
        },
        {
            "id": "CVE-2018-7456-5637b775",
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_print.c",
                "function": "TIFFPrintDirectory"
            },
            "signature_version": "v1",
            "digest": {
                "length": 13393.0,
                "function_hash": "324548253410922219351275717882582872027"
            },
            "deprecated": false,
            "source": "https://gitlab.com/libtiff/libtiff@be4c85b16e8801a16eec25e80eb9f3dd6a96731b"
        }
    ]
}