Bug #8240

Bug #8239: tiff: Heap-based buffer overflow bug in pal2rgb (CVE-2017-17095)

[3.8] tiff: Heap-based buffer overflow bug in pal2rgb (CVE-2017-17095)

Added by Alicha CH over 1 year ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date: 12/05/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (TIFFSetupStrips heap-based
buffer overflow and application crash) or possibly have unspecified
other impact via a crafted TIFF file.

References:

http://openwall.com/lists/oss-security/2017/12/02/1
http://bugzilla.maptools.org/show_bug.cgi?id=2750
https://nvd.nist.gov/vuln/detail/CVE-2017-17095

Associated revisions

Revision c1c8c5a7 (diff)
Added by Natanael Copa 9 months ago

main/tiff: various security fixes

- CVE-2017-9935
- CVE-2017-11613
- CVE-2017-17095
- CVE-2018-10963

fixes #8240

Revision 6659caf6 (diff)
Added by Natanael Copa 9 months ago

main/tiff: various security fixes

- CVE-2017-9935
- CVE-2017-11613
- CVE-2017-17095
- CVE-2018-10963

fixes #8240
fixes #9163

History

#1 Updated by Natanael Copa 10 months ago

  • Target version changed from 3.8.0 to 3.8.1

#2 Updated by Natanael Copa 9 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 9 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2017-17095)
