CVE-2018-5784

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-5784
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5784.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-5784
Published
2018-01-19T08:29:00Z
Modified
2025-10-15T09:57:48.078819Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.

References

Affected packages

Git / github.com/vadz/libtiff

Affected ranges

Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v3.*

v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2

v4.*

v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
            "signature_type": "Line",
            "target": {
                "file": "tools/tiff2pdf.c"
            },
            "id": "CVE-2018-5784-32fcc861",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
            "signature_type": "Function",
            "target": {
                "file": "tools/tiff2pdf.c",
                "function": "t2p_read_tiff_init"
            },
            "id": "CVE-2018-5784-4a632204",
            "digest": {
                "function_hash": "213609115515777586211141951442237006584",
                "length": 5724.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
            "signature_type": "Function",
            "target": {
                "file": "contrib/addtiffo/tif_overview.c",
                "function": "TIFF_WriteOverview"
            },
            "id": "CVE-2018-5784-6a8edbef",
            "digest": {
                "function_hash": "217941978878947320029816834975166642295",
                "length": 1584.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
            "signature_type": "Line",
            "target": {
                "file": "contrib/addtiffo/tif_overview.c"
            },
            "id": "CVE-2018-5784-8be40752",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
            "signature_type": "Line",
            "target": {
                "file": "tools/tiffcrop.c"
            },
            "id": "CVE-2018-5784-af240c7b",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
            "signature_type": "Function",
            "target": {
                "file": "tools/tiffcrop.c",
                "function": "main"
            },
            "id": "CVE-2018-5784-d6b69b9f",
            "digest": {
                "function_hash": "98152871295658607399717771184892726884",
                "length": 5554.0
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}