CVE-2017-18013

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-18013
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18013.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-18013
Downstream
Related
Published
2018-01-01T08:29:00Z
Modified
2025-10-15T08:54:38.062675Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

References

Affected packages

Git / github.com/vadz/libtiff

Affected ranges

Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c6f41df7b581402dfba3c19a1e3df4454c551a01

Affected versions

v3.*

v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2

v4.*

v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "170525206296602907753093694529980120856",
                    "93616978339748417209337682716870640681",
                    "328218603771540590479012731783112254210",
                    "48204508027133948625903716595036586778",
                    "251094784319949832704584338830552714731",
                    "319057619089807967802340759689575388816",
                    "286040623549323053884688996042829849908",
                    "302096191070558911570553740345273925536",
                    "58071185955440375749750412030001186165",
                    "296453592249262199560223406644893299582"
                ]
            },
            "id": "CVE-2017-18013-665f1527",
            "target": {
                "file": "libtiff/tif_print.c"
            },
            "signature_type": "Line",
            "source": "https://gitlab.com/libtiff/libtiff@c6f41df7b581402dfba3c19a1e3df4454c551a01"
        },
        {
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 13275.0,
                "function_hash": "304641741661058657797947578454949689153"
            },
            "id": "CVE-2017-18013-ef96e06b",
            "target": {
                "function": "TIFFPrintDirectory",
                "file": "libtiff/tif_print.c"
            },
            "signature_type": "Function",
            "source": "https://gitlab.com/libtiff/libtiff@c6f41df7b581402dfba3c19a1e3df4454c551a01"
        }
    ]
}