CVE-2017-7594Missing Release of Resource after Effective Lifetime in Libtiff

CWE-772Missing Release of Resource after Effective Lifetime10 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 51.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian TiffLibtiff
Timeline
PublishedApr 9
Latest updateMay 13

Description

The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDlibtiff/libtiff4.0.7
debiandebian/tiff< tiff 4.0.7-6 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-96cv-jcwx-rgjw: The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg2022-05-13
OSV
CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg2017-04-09

📋Vendor Advisories

3
Ubuntu
LibTIFF vulnerabilities2018-03-20
Red Hat
libtiff: Memory leak in OJPEGReadHeaderInfoSecTablesDcTable function2017-01-11
Debian
CVE-2017-7594: tiff - The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7...2017

💬Community

4
Bugzilla
CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 libtiff: various flaws [fedora-all]2017-04-11
Bugzilla
CVE-2017-7594 libtiff: Memory leak in OJPEGReadHeaderInfoSecTablesDcTable function2017-04-11
Bugzilla
mingw-libtiff: various flaws [epel-7]2017-04-03
Bugzilla
mingw-libtiff: various flaws [fedora-all]2017-04-03