CVE-2018-10126 — MEDIUM (6.5)

Vulnerability Description

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libtiff	Libtiff	4.0.9

Related Weaknesses (CWE)

CWE-476

References

http://bugzilla.maptools.org/show_bug.cgi?id=2786ExploitIssue TrackingThird Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/128
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
http://bugzilla.maptools.org/show_bug.cgi?id=2786ExploitIssue TrackingThird Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430

FAQ

What is CVE-2018-10126?

CVE-2018-10126 is a vulnerability with a CVSS score of 6.5 (MEDIUM). ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

How severe is CVE-2018-10126?

CVE-2018-10126 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10126?

Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff.