Uncontrolled Resource Consumption in LibTIFF 4.0.9 TIFFSetDirectory Function

CVE-2018-5784 · MEDIUM Severity

AV:N/AC:M/Au:N/C:N/I:N/A:P

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
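The check the description says is missing can be sketched as a pre-parse validator: walk the IFD chain of a classic TIFF and reject the file when a directory's declared entry count does not fit in the bytes actually present. This is an added example, not LibTIFF code or its patch; the function name, `MAX_IFDS` bound and sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_IFDS 1024 /* this example's own cap on chain length (assumption) */

static uint16_t rd16(const uint8_t *p, int be) {
    return be ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)rd16(p, 1) << 16 | rd16(p + 2, 1)
              : (uint32_t)rd16(p + 2, 0) << 16 | rd16(p, 0);
}

/* Returns 1 if every IFD's declared entry count fits inside the buffer,
 * 0 if a count, offset or chain length is inconsistent with the data,
 * -1 if the buffer is not a classic (non-BigTIFF) TIFF. */
int tiff_ifd_counts_ok(const uint8_t *buf, size_t len) {
    if (len < 8) return -1;
    int be = buf[0] == 'M' && buf[1] == 'M';
    if (!be && !(buf[0] == 'I' && buf[1] == 'I')) return -1;
    if (rd16(buf + 2, be) != 42) return -1;

    uint32_t off = rd32(buf + 4, be);
    for (int n = 0; off != 0; n++) {
        if (n >= MAX_IFDS) return 0;              /* overlong or circular chain */
        if (off > len || len - off < 2) return 0; /* no room for the count field */
        /* 2-byte count + 12 bytes per entry + 4-byte next-IFD offset */
        size_t need = 2 + (size_t)rd16(buf + off, be) * 12 + 4;
        if (len - off < need) return 0;           /* declared entries exceed file */
        off = rd32(buf + off + need - 4, be);
    }
    return 1;
}

/* Constructed samples: little-endian header, one IFD at offset 8. */
static const uint8_t SAMPLE_OK[] = {
    'I','I',42,0, 8,0,0,0,
    1,0,                               /* declares 1 entry */
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,  /* tag 256, SHORT, count 1, value 1 */
    0,0,0,0 };                         /* next IFD offset = 0 */
static const uint8_t SAMPLE_BAD[] = {
    'I','I',42,0, 8,0,0,0,
    0xFF,0xFF,                         /* declares 65535 entries, holds 1 */
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,
    0,0,0,0 };

int main(void) {
    printf("ok=%d bad=%d\n", tiff_ifd_counts_ok(SAMPLE_OK, sizeof SAMPLE_OK),
           tiff_ifd_counts_ok(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```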