Bug #7481

Bug #7480: tiff: Multiple vulnerabilities (CVE-2017-9147, CVE-2017-9403, CVE-2017-9404, CVE-2017-9936, CVE-2017-10688)

[3.7] tiff: Multiple vulnerabilities (CVE-2017-9936, CVE-2017-10688)

Added by Alicha CH over 1 year ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Category: Security
Target version:
Start date: 07/06/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:

Description

CVE-2017-9936: In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.

Reference:

http://bugzilla.maptools.org/show_bug.cgi?id=2706

Patch:

https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a

CVE-2017-10688: In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.

Reference:

http://bugzilla.maptools.org/show_bug.cgi?id=2712

Patch:

https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1

Associated revisions

Revision 86b18df8 (diff)
Added by Francesco Colista about 1 year ago

main/tiff: security fix CVE-2017-9936 and CVE-2017-10688. Fixes #7481

History

#1 Updated by Francesco Colista about 1 year ago

  • Assignee set to Francesco Colista

#2 Updated by Francesco Colista about 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Francesco Colista about 1 year ago

  • Category set to Security
  • Status changed from Resolved to Closed
