Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-7456 |
CWE-ID | CWE-476 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
tiff (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU10792
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7456
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The vulnerability exists in the TIFFPrintDirectory function that is defined in the tif_print.c source code file due to NULL pointer dereference. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it and cause the service to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionstiff (Alpine package): 4.0.9-r0 - 4.0.9-r2
External linkshttp://git.alpinelinux.org/aports/commit/?id=c1c8c5a78a149b9954517df485d61e66a73a93a4
http://git.alpinelinux.org/aports/commit/?id=03c0edc3283f60cef0a00065d69cc3d71e37dcd6
http://git.alpinelinux.org/aports/commit/?id=0d6b798dc2e44bfd17cece99b90a02f1959ea2c9
http://git.alpinelinux.org/aports/commit/?id=21d9a3aa5769a946978326e97edcad753cc356e4
http://git.alpinelinux.org/aports/commit/?id=95497013f1213a27f0ea733699322d95b4514b1d
http://git.alpinelinux.org/aports/commit/?id=b5887a63371b538d1c0206e2c0449f3e7f5d1328
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.