CVE-2017-9815 — Missing Release of Resource after Effective Lifetime in Libtiff

CWE-772 — Missing Release of Resource after Effective Lifetime CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 35.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Canonical Ubuntu Linux Libtiff

Timeline

PublishedJun 22

Latest updateMay 13

Description

In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.7

▶debiandebian/tiff< tiff 4.0.8-1 (bookworm)

Also affects: Ubuntu Linux 14.04, 16.04

🔴Vulnerability Details

GHSA

GHSA-25f6-v77j-jgcf: In LibTIFF 4↗2022-05-13

▶

OSV

CVE-2017-9815: In LibTIFF 4↗2017-06-22

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2018-03-20

▶

Red Hat

libtiff: Memory leak in the TIFFReadDirEntryLong8Array function↗2017-06-22

▶

Debian

CVE-2017-9815: tiff - In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread...↗2017

▶

💬Community

Bugzilla

CVE-2017-9815 libtiff: CVE-2017-9815 [fedora-all]↗2017-06-23

▶

Bugzilla

CVE-2017-9815 libtiff: Memory leak in the TIFFReadDirEntryLong8Array function↗2017-06-23

▶