CVE-2017-9403Missing Release of Resource after Effective Lifetime in Libtiff

CWE-772Missing Release of Resource after Effective LifetimeCWE-401Missing Release of Memory after Effective Lifetime10 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
1.0%
top 23.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Debian TiffCanonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedJun 2
Latest updateMay 13

Description

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDlibtiff/libtiff4.0.7
debiandebian/tiff< tiff 4.0.8-1 (bookworm)

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04

🔴Vulnerability Details

2
GHSA
GHSA-f8pf-f798-489q: In LibTIFF 42022-05-13
OSV
CVE-2017-9403: In LibTIFF 42017-06-02

📋Vendor Advisories

3
Ubuntu
LibTIFF vulnerabilities2018-03-20
Red Hat
libtiff: Memory leak in TIFFReadDirEntryLong8Array2017-04-20
Debian
CVE-2017-9403: tiff - In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFRead...2017

💬Community

4
Bugzilla
CVE-2017-9403 CVE-2017-9404 libtiff: various flaws [fedora-all]2017-06-05
Bugzilla
CVE-2017-9403 CVE-2017-9404 mingw-libtiff: various flaws [epel-7]2017-06-05
Bugzilla
CVE-2017-9403 CVE-2017-9404 mingw-libtiff: various flaws [fedora-all]2017-06-05
Bugzilla
CVE-2017-9403 libtiff: Memory leak in TIFFReadDirEntryLong8Array2017-06-05