Vulnerabilities > CVE-2018-10126 - NULL Pointer Dereference vulnerability in Libtiff 4.0.9

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

libtiff

CWE-476

NVD

Published: 2018-04-21

Updated: 2024-08-20

Summary

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

Vulnerable Configurations

Part	Description	Count
Application	Libtiff Libtiff Libtiff 4.0.9	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

http://bugzilla.maptools.org/show_bug.cgi?id=2786
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://gitlab.com/libtiff/libtiff/-/issues/128