CVE-2017-9935Out-of-bounds Read in Tiff

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow17 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 34.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Debian TiffLibtiffCanonical Ubuntu Linux+1 more
Timeline
PublishedJun 26
Latest updateMay 13

Description

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlibtiff/libtiff4.0.8+1
debiandebian/tiff< tiff 4.0.9-2 (bookworm)

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10

Patches

Patch: bugzilla.maptools.orgPatch: bugzilla.maptools.org

🔴Vulnerability Details

4
GHSA
GHSA-96fq-9mpq-xgqj: The function t2p_write_pdf in tiff2pdf2022-05-13
GHSA
GHSA-ccm9-9gxr-9m3p: In LibTIFF 42022-05-13
OSV
CVE-2018-17795: The function t2p_write_pdf in tiff2pdf2018-09-30
OSV
CVE-2017-9935: In LibTIFF 42017-06-26

📋Vendor Advisories

5
Red Hat
libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf()2018-10-02
Ubuntu
LibTIFF vulnerabilities2018-03-26
Debian
CVE-2018-17795: tiff - The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows rem...2018
Red Hat
libtiff: Heap-based buffer overflow in t2p_write_pdf function2017-07-11
Debian
CVE-2017-9935: tiff - In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf fun...2017

📄Research Papers

1
arXiv
Code-less Patching for Heap Vulnerabilities Using Targeted Calling Context Encoding2018-12-11

💬Community

5
Bugzilla
CVE-2018-17795 libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf()2018-10-02
Bugzilla
CVE-2017-10688 CVE-2017-9935 CVE-2017-9936 CVE-2017-9937 mingw-libtiff: various flaws [epel-7]2017-07-11
Bugzilla
CVE-2017-10688 CVE-2017-9935 CVE-2017-9936 CVE-2017-9937 mingw-libtiff: various flaws [fedora-all]2017-07-11
Bugzilla
CVE-2017-10688 CVE-2017-9935 CVE-2017-9936 CVE-2017-9937 libtiff: various flaws [fedora-all]2017-07-11
Bugzilla
CVE-2017-9935 libtiff: Heap-based buffer overflow in t2p_write_pdf function2017-07-11