Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2018-10126

Published: 21 April 2018

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

Notes

AuthorNote
mdeslaur
as of 2022-03-04, no upstream fix
ccdm94
as of 2022-11-24, no upstream fix is available. A
comment has been made in the issue bug requesting
that the issue be closed given that for ijg-libjpeg
versions after 9c the vulnerability seems to not be
reproducible with the provided PoC file. A discussion
on whether this is a libtiff issue or a libjpeg issue
can be seen in a few comments in the bug report. The
vulnerability also does not reproduce in xenial nor
does it reproduce in kinetic.

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
upstream Needed

impish Ignored
(end of life)
bionic Deferred

focal Deferred

hirsute Ignored
(end of life)
trusty Deferred

xenial Deferred

jammy Deferred

kinetic Ignored
(end of life, was deferred)
artful Ignored
(end of life)
cosmic Ignored
(end of life)
disco Ignored
(end of life)
eoan Ignored
(end of life)
groovy Ignored
(end of life)
mantic Deferred

lunar Ignored
(end of life, was deferred)

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H