SB2018042320 - NULL pointer dereference in tiff (Alpine package)
Published: April 23, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2018-7456)
The vulnerability allows a remote unauthenticated attacker to cause a denial of service (DoS) condition on the target system.
The vulnerability exists due to a NULL pointer dereference in the TIFFPrintDirectory function, which is defined in the tif_print.c source code file. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=c1c8c5a78a149b9954517df485d61e66a73a93a4
- https://git.alpinelinux.org/aports/commit/?id=03c0edc3283f60cef0a00065d69cc3d71e37dcd6
- https://git.alpinelinux.org/aports/commit/?id=0d6b798dc2e44bfd17cece99b90a02f1959ea2c9
- https://git.alpinelinux.org/aports/commit/?id=21d9a3aa5769a946978326e97edcad753cc356e4
- https://git.alpinelinux.org/aports/commit/?id=95497013f1213a27f0ea733699322d95b4514b1d
- https://git.alpinelinux.org/aports/commit/?id=b5887a63371b538d1c0206e2c0449f3e7f5d1328