CVE-2018-5784

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-5784
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5784.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-5784
Downstream
Related
Published
2018-01-19T08:29:00.320Z
Modified
2025-11-18T14:02:20.518043Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v3.*

v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2

v4.*

v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-5784-32fcc861",
        "target": {
            "file": "tools/tiff2pdf.c"
        },
        "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "213609115515777586211141951442237006584",
            "length": 5724.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-5784-4a632204",
        "target": {
            "file": "tools/tiff2pdf.c",
            "function": "t2p_read_tiff_init"
        },
        "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "217941978878947320029816834975166642295",
            "length": 1584.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-5784-6a8edbef",
        "target": {
            "file": "contrib/addtiffo/tif_overview.c",
            "function": "TIFF_WriteOverview"
        },
        "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-5784-8be40752",
        "target": {
            "file": "contrib/addtiffo/tif_overview.c"
        },
        "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-5784-af240c7b",
        "target": {
            "file": "tools/tiffcrop.c"
        },
        "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "98152871295658607399717771184892726884",
            "length": 5554.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-5784-d6b69b9f",
        "target": {
            "file": "tools/tiffcrop.c",
            "function": "main"
        },
        "source": "https://gitlab.com/libtiff/libtiff@473851d211cf8805a161820337ca74cc9615d6ef",
        "signature_type": "Function"
    }
]

Git / github.com/vadz/libtiff

Affected ranges

Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected