SB2018020843 - NULL pointer dereference in tiff (Alpine package)
Published: February 8, 2018
Security Bulletin ID
SB2018020843
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2017-18013)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference error in tif_print.c within TIFFPrintDirectory() function. A remote attacker can trigger a NULL pointer dereference error and crash the affected application.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=c1c8c5a78a149b9954517df485d61e66a73a93a4
- https://git.alpinelinux.org/aports/commit/?id=0ee7d7a3b930999e71d470fbab0022024c9f7474
- https://git.alpinelinux.org/aports/commit/?id=308b2d2dc74277b3e2299237b066e83f33024b17
- https://git.alpinelinux.org/aports/commit/?id=3bb6858aff988546af833aadbf73ab5abafc394f
- https://git.alpinelinux.org/aports/commit/?id=59b029a4108f709dacd68b467c8c14f87b325606
- https://git.alpinelinux.org/aports/commit/?id=ebd589f79660dd6c2fdb45e6b8b81f9fc043c39b