PT-2018-9697 · Libtiff+2

Published: 2018-04-21 · Updated: 2024-08-20 · CVE-2018-10126

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.0.9; ijg-libjpeg versions prior to 9d

Description: The issue is a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. It occurs because the code does not check for a NULL pointer at a certain place. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations: For LibTIFF version 4.0.9, consider updating to a version that includes a fix for the NULL pointer dereference in the jpeg_fdct_16x16 function. For ijg-libjpeg versions prior to 9d, update to version 9d or later to resolve the issue. As a temporary workaround, consider disabling the jpeg_fdct_16x16 function in jfdctint.c until a patch is available.

Exploit

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

CVE-2018-10126
ECHO-B139-2211-59AE

Affected Products

Debian
Libtiff
Ijg-Libjpeg