CVE-2018-10126

MEDIUM

libtiff - NULL Pointer Dereference in jpeg_fdct_16x16

Title source: llm

Description

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

References (3)

Core 3

Core References

Exploit, Issue Tracking, Third Party Advisory

http://bugzilla.maptools.org/show_bug.cgi?id=2786

Issue Tracking

https://gitlab.com/libtiff/libtiff/-/issues/128

Mailing List mailing-list

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Scores

CVSS v3 6.5

EPSS 0.0064

EPSS Percentile 70.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (1)

libtiff/libtiff 4.0.9

Published Apr 21, 2018

Tracked Since Feb 18, 2026