[3.3] tiff: memory-based DoS in tiff2bw (CVE-2017-16232)
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
attackers to cause a denial of service (memory consumption), as
demonstrated
by tif_open.c, tif_lzw.c, and tif_aux.c
References:
http://seclists.org/oss-sec/2017/q4/168
http://openwall.com/lists/oss-security/2017/11/01/3
(from redmine: issue id 8149, created on 2017-11-14, closed on 2017-11-23)
- Relations:
- parent #8144 (closed)
- Changesets:
- Revision 17f5b0b8 by Natanael Copa on 2017-11-23T07:47:22Z:
main/tiff: security upgrade to 4.0.9 (CVE-2017-16231,CVE-2017-16232)
fixes #8149