CVE-2018-7456
- Source
- https://cve.org/CVERecord?id=CVE-2018-7456
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7456.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-7456
- Downstream
- Related
- Published
- 2018-02-24T06:29:00.630Z
- Modified
- 2026-03-15T22:26:51.934979Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
- References
-
- https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html
- https://usn.ubuntu.com/3864-1/
- https://www.debian.org/security/2018/dsa-4349
- https://access.redhat.com/errata/RHSA-2019:2053
- https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:2051
- https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html
- http://bugzilla.maptools.org/show_bug.cgi?id=2778
- https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b
- https://github.com/xiaoqx/pocs/tree/master/libtiff
Affected packages
Git / github.com/vadz/libtiff
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vadz/libtiff
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "4.0.9" } ] }
- Type
- GIT
- Repo
- https://gitlab.com/libtiff/libtiff
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
Pre360
Release-
Release-3-7-0
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7
Release-v3-6-0
Release-v3-6-0beta2
Release-v3-6-1
Release-v3-7-0-alpha
Release-v3-7-0beta
Release-v3-7-0beta2
Release-v3-7-1
Release-v3-7-2
Release-v3-7-3
Release-v3-7-4
Release-v3-8-0
Release-v3-8-1
Release-v3-8-2
Release-v4-0-0
Release-v4-0-0alpha
Release-v4-0-0alpha4
Release-v4-0-0alpha5
Release-v4-0-0alpha6
Release-v4-0-0beta7
Release-v4-0-1
Release-v4-0-2
Release-v4-0-3
Release-v4-0-4
Release-v4-0-4beta
Release-v4-0-5
Release-v4-0-6
Release-v4-0-7
Release-v4-0-8
Release-v4-0-9
v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7456.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.10"
}
]
}
]
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "libtiff/tif_print.c"
},
"source": "https://gitlab.com/libtiff/libtiff@be4c85b16e8801a16eec25e80eb9f3dd6a96731b",
"deprecated": false,
"digest": {
"line_hashes": [
"34583969753986054719441197622849502612",
"84357797237757663714675035969338159885",
"49276762148639282215011376252495684977",
"159972419896207215456600915911226522624"
],
"threshold": 0.9
},
"id": "CVE-2018-7456-2b4754e2",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "libtiff/tif_dirread.c",
"function": "TIFFReadDirectory"
},
"source": "https://gitlab.com/libtiff/libtiff@be4c85b16e8801a16eec25e80eb9f3dd6a96731b",
"deprecated": false,
"digest": {
"function_hash": "249155504209871612604592134427141272210",
"length": 15750.0
},
"id": "CVE-2018-7456-3f789ec8",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "libtiff/tif_dirread.c"
},
"source": "https://gitlab.com/libtiff/libtiff@be4c85b16e8801a16eec25e80eb9f3dd6a96731b",
"deprecated": false,
"digest": {
"line_hashes": [
"151236167089328093800155427129988450403",
"29527367330554074330525017639318561601",
"331342295405348160418709638717073919851",
"37158704691211454594356526442508833948",
"113988872953227167942243030915917190850",
"217977255141315749192365297820863529054",
"262442293337999918738821387382736178874",
"43380298599158644641616099738336612487",
"190605399355420614280669035574449904392",
"53738916860654039232794734900171841566",
"144793703646904908955972730992105473359",
"328940481971495652685943001845163846725",
"78582549672764719712755235806850455943",
"18490697804396230632408432117234630633",
"88895387933003049356504067916598809154"
],
"threshold": 0.9
},
"id": "CVE-2018-7456-41eb7abc",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "libtiff/tif_print.c",
"function": "TIFFPrintDirectory"
},
"source": "https://gitlab.com/libtiff/libtiff@be4c85b16e8801a16eec25e80eb9f3dd6a96731b",
"deprecated": false,
"digest": {
"function_hash": "324548253410922219351275717882582872027",
"length": 13393.0
},
"id": "CVE-2018-7456-5637b775",
"signature_type": "Function"
}
]