NULL pointer dereference in tiff (Alpine package)

1) NULL pointer dereference

EUVDB-ID: #VU10792

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7456

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The vulnerability exists in the TIFFPrintDirectory function that is defined in the tif_print.c source code file due to NULL pointer dereference. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tiff (Alpine package): 4.0.9-r0 - 4.0.9-r2

External links

http://git.alpinelinux.org/aports/commit/?id=c1c8c5a78a149b9954517df485d61e66a73a93a4
http://git.alpinelinux.org/aports/commit/?id=03c0edc3283f60cef0a00065d69cc3d71e37dcd6
http://git.alpinelinux.org/aports/commit/?id=0d6b798dc2e44bfd17cece99b90a02f1959ea2c9
http://git.alpinelinux.org/aports/commit/?id=21d9a3aa5769a946978326e97edcad753cc356e4
http://git.alpinelinux.org/aports/commit/?id=95497013f1213a27f0ea733699322d95b4514b1d
http://git.alpinelinux.org/aports/commit/?id=b5887a63371b538d1c0206e2c0449f3e7f5d1328

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.