CVE-2018-7456
Description
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.689
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3 | Windows |
| (RHSA-2019:2051) compat-libtiff3 security update compat-libtiff3-3.9.4-12.el7.i686.rpm | Linux |
| (RHSA-2019:2051) compat-libtiff3 security update compat-libtiff3-3.9.4-12.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-tools-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-devel-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.i686.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-static-4.0.3-32.el7.x86_64.rpm | Linux |
| (RHSA-2019:2053) libtiff security update libtiff-tools-4.0.3-32.el7.x86_64.rpm | Linux |
| (CESA-2019:2051) compat-libtiff3 security update compat-libtiff3-3.9.4-12.el7.i686.rpm | Linux |
| (CESA-2019:2051) compat-libtiff3 security update compat-libtiff3-3.9.4-12.el7.x86_64.rpm | Linux |
| (RHSA-2019:2051)Low: security update compat-libtiff3-debuginfo-3.9.4-12.el7.i686.rpm | Linux |
| (RHSA-2019:2051)Low: security update compat-libtiff3-debuginfo-3.9.4-12.el7.x86_64.rpm | Linux |
| Compat-libtiff3 update (ELSA-2019-2051) compat-libtiff3-3.9.4-12.el7.i686.rpm | Linux |
| Compat-libtiff3 update (ELSA-2019-2051) compat-libtiff3-3.9.4-12.el7.x86_64.rpm | Linux |
| Libtiff update (ELSA-2019-2053) libtiff-4.0.3-32.el7.i686.rpm | Linux |
| Libtiff update (ELSA-2019-2053) libtiff-4.0.3-32.el7.x86_64.rpm | Linux |
| Libtiff-devel update (ELSA-2019-2053) libtiff-devel-4.0.3-32.el7.i686.rpm | Linux |
| Libtiff-devel update (ELSA-2019-2053) libtiff-devel-4.0.3-32.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234