CVE-2017-11613Improper Input Validation in Libtiff

CWE-20Improper Input Validation11 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian TiffLibtiff
Timeline
PublishedJul 26
Latest updateMay 14

Description

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDlibtiff/libtiff4.0.8
debiandebian/tiff< tiff 4.0.9-5 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-42pc-34h3-q52f: In LibTIFF 42022-05-14
OSV
CVE-2017-11613: In LibTIFF 42017-07-26

📋Vendor Advisories

3
Ubuntu
LibTIFF vulnerabilities2018-03-26
Red Hat
libtiff: Memory leak via corrupt td_imagelength in TIFFOpen function2017-07-26
Debian
CVE-2017-11613: tiff - In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen fun...2017

💬Community

5
Bugzilla
CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]2018-09-03
Bugzilla
CVE-2018-15209 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c [fedora-all]2018-08-08
Bugzilla
CVE-2017-11613 libtiff: Memory leak via corrupt td_imagelength in TIFFOpen function [fedora-all]2017-07-26
Bugzilla
CVE-2017-11613 libtiff: Memory leak via corrupt td_imagelength in TIFFOpen function2017-07-26
Bugzilla
CVE-2017-11613 mingw-libtiff: libtiff: Memory leak via corrupt td_imagelength in TIFFOpen function [fedora-all]2017-07-26