tiff: Heap-based buffer overflow bug in pal2rgb (CVE-2017-17095)
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (TIFFSetupStrips heap-based
buffer overflow and application crash) or possibly have unspecified
other impact via a crafted TIFF file.
References:
http://openwall.com/lists/oss-security/2017/12/02/1
http://bugzilla.maptools.org/show_bug.cgi?id=2750
https://nvd.nist.gov/vuln/detail/CVE-2017-17095
(from redmine: issue id 8239, created on 2017-12-05, closed on 2018-08-02)
- Relations:
  - child #8240 (closed)
  - child #8241 (closed)
  - child #8242 (closed)
  - child #8243 (closed)
  - child #8244 (closed)