Medium severity6.5NVD Advisory· Published Feb 24, 2018· Updated Jun 17, 2026
CVE-2018-7456
CVE-2018-7456
Description
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- osv-coords11 versionspkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.2
< 4.3.0-1.3+ 10 more
- (no CPE)range: < 4.3.0-1.3
- (no CPE)range: < 4.0.9-44.15.2
- (no CPE)range: < 4.0.9-5.9.1
- (no CPE)range: < 4.0.9-5.9.1
- (no CPE)range: < 3.8.2-141.169.9.1
- (no CPE)range: < 4.0.9-44.15.2
- (no CPE)range: < 3.8.2-141.169.9.1
- (no CPE)range: < 4.0.9-44.15.2
- (no CPE)range: < 3.8.2-141.169.9.1
- (no CPE)range: < 4.0.9-44.15.2
- (no CPE)range: < 4.7.1-160000.2.1
Patches
Vulnerability mechanics
References
10- gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731bnvdPatchThird Party Advisory
- bugzilla.maptools.org/show_bug.cginvdExploitIssue TrackingThird Party Advisory
- github.com/xiaoqx/pocs/tree/master/libtiffnvdExploitThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/04/msg00010.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/04/msg00011.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/07/msg00002.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3864-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4349nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:2051nvd
- access.redhat.com/errata/RHSA-2019:2053nvd
News mentions
0No linked articles in our index yet.