Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9936: Missing Release of Resource after Effective Lifetime in Tiff

Severity: 6.5 MEDIUM (NVD)
EPSS: 5.9% (top 9.42%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jun 26; Latest update May 13

Description

In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: libtiff/libtiff 4.0.8
debian: debian/tiff < tiff 4.0.8-3 (bookworm)

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04

🔴 Vulnerability Details (2)

GHSA: GHSA-5ffm-f598-q72q: In LibTIFF 4 (2022-05-13)
OSV: CVE-2017-9936: In LibTIFF 4 (2017-06-26)

💥 Exploits & PoCs (1)

Exploit-DB: LibTIFF - 'tif_jbig.c' Denial of Service (2017-07-06)

📋 Vendor Advisories (3)

Ubuntu: LibTIFF vulnerabilities (2018-03-20)
Red Hat: libtiff: memory leak in tif_jbig.c (2017-07-11)
Debian: CVE-2017-9936: tiff - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document ... (2017)

💬 Community (4)

Bugzilla: CVE-2017-10688 CVE-2017-9935 CVE-2017-9936 CVE-2017-9937 mingw-libtiff: various flaws [epel-7] (2017-07-11)
Bugzilla: CVE-2017-10688 CVE-2017-9935 CVE-2017-9936 CVE-2017-9937 mingw-libtiff: various flaws [fedora-all] (2017-07-11)
Bugzilla: CVE-2017-10688 CVE-2017-9935 CVE-2017-9936 CVE-2017-9937 libtiff: various flaws [fedora-all] (2017-07-11)
Bugzilla: CVE-2017-9936 libtiff: memory leak in tif_jbig.c (2017-07-11)