CVE-2017-18013 - Vulnerability Details - OpenCVE

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00464.

Key SSVC decision points have not yet been added.

Vendors	Products
Libtiff	Libtiff

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-1259-1	tiff security update
Debian DLA	DLA-1260-1	tiff3 security update
Debian DLA	DLA-1411-1	tiff security update
Debian DSA	DSA-4100-1	tiff security update
EUVD	EUVD-2017-9153	In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
Ubuntu USN	USN-3602-1	LibTIFF vulnerabilities
Ubuntu USN	USN-3606-1	LibTIFF vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bugzilla.maptools.org/show_bug.cgi?id=2770
http://www.securityfocus.com/bid/102345
https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html
https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html
https://nvd.nist.gov/vuln/detail/CVE-2017-18013
https://usn.ubuntu.com/3602-1/
https://usn.ubuntu.com/3606-1/
https://www.cve.org/CVERecord?id=CVE-2017-18013
https://www.debian.org/security/2018/dsa-4100

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00427}`	epss `{'score': 0.00381}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-01T08:00:00

Updated: 2024-08-05T21:06:49.958Z

Reserved: 2018-01-01T00:00:00

Link: CVE-2017-18013

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-01-01T08:29:00.470

Modified: 2024-11-21T03:19:09.767

Link: CVE-2017-18013

Redhat

Severity : Moderate

Publid Date: 2017-12-29T00:00:00Z

Links: CVE-2017-18013 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-01-01T00:00:00", "descriptions": [{"lang": "en", "value": "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1259-1] tiff security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"}, {"name": "USN-3606-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3606-1/"}, {"name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1260-1] tiff3 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"}, {"name": "USN-3602-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3602-1/"}, {"name": "102345", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102345"}, {"name": "DSA-4100", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4100"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1259-1] tiff security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"}, {"name": "USN-3606-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3606-1/"}, {"name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1260-1] tiff3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"}, {"name": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01", "refsource": "CONFIRM", "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"}, {"name": "USN-3602-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3602-1/"}, {"name": "102345", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102345"}, {"name": "DSA-4100", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4100"}, {"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2770", "refsource": "CONFIRM", "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:06:49.958Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1259-1] tiff security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"}, {"name": "USN-3606-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3606-1/"}, {"name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1260-1] tiff3 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"}, {"name": "USN-3602-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3602-1/"}, {"name": "102345", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102345"}, {"name": "DSA-4100", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4100"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18013", "datePublished": "2018-01-01T08:00:00", "dateReserved": "2018-01-01T00:00:00", "dateUpdated": "2024-08-05T21:06:49.958Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "27374BA0-7A61-4BDC-9F92-C09E99A9AB81", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash."}, {"lang": "es", "value": "En LibTIFF 4.0.9, existe una desreferencia de puntero NULL en la funci\u00f3n TIFFPrintDirectory en tif_print.c, tal y como se demuestra con un cierre inesperado de tiffinfo."}], "id": "CVE-2017-18013", "lastModified": "2024-11-21T03:19:09.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-01T08:29:00.470", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102345"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3602-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3606-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3602-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3606-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2018/dsa-4100"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}