Home

CVE-2018-17000

Description

A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.208

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3Windows
Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.6-1ubuntu0.6_i386.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.6-1ubuntu0.6_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.9-5ubuntu0.2_i386.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.9-5ubuntu0.2_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.9-6ubuntu0.2_i386.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.9-6ubuntu0.2_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.3-7ubuntu0.11_i386.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff5_4.0.3-7ubuntu0.11_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.6-1ubuntu0.6_i386.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.6-1ubuntu0.6_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.9-5ubuntu0.2_i386.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.9-5ubuntu0.2_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.9-6ubuntu0.2_i386.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.9-6ubuntu0.2_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.3-7ubuntu0.11_i386.debLinux
Tag Image File Format (TIFF) library (USN-3906-1) libtiff-tools_4.0.3-7ubuntu0.11_amd64.debLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Server 12-SP4 ) libtiff5-4.0.9-44.42.1.x86_64.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Server 12-SP4 ) libtiff5-32bit-4.0.9-44.42.1.x86_64.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Server 12-SP4 ) libtiff5-debuginfo-4.0.9-44.42.1.x86_64.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Server 12-SP4 ) libtiff5-debuginfo-32bit-4.0.9-44.42.1.x86_64.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Desktop 12-SP4 ) libtiff5-4.0.9-44.42.1.x86_64_SP4.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Desktop 12-SP4 ) libtiff5-32bit-4.0.9-44.42.1.x86_64_SP4.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Server 12-SP4 ) tiff-4.0.9-44.42.1.x86_64.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Desktop 12-SP4 ) libtiff5-debuginfo-4.0.9-44.42.1.x86_64_SP4.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Desktop 12-SP4 ) libtiff5-debuginfo-32bit-4.0.9-44.42.1.x86_64_SP4.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Desktop 12-SP4 ) tiff-debuginfo-4.0.9-44.42.1.x86_64.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Server 12-SP4 ) tiff-debuginfo-4.0.9-44.42.1.x86_64_SP4.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Desktop 12-SP4 ) tiff-debugsource-4.0.9-44.42.1.x86_64.rpmLinux
SUSE-SU-2019:3058-1(SUSE Linux Enterprise Server 12-SP4 ) tiff-debugsource-4.0.9-44.42.1.x86_64_SP4.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234