CVE-2019-17546 — Integer Overflow or Wraparound in Libtiff

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow12 documents8 sources

Severity

8.8HIGHNVD

OSV6.5

EPSS

0.4%

top 40.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Osgeo Gdal Libtiff

Timeline

PublishedOct 14

Latest updateFeb 2

Description

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlibtiff/libtiff< 4.1.0

▶Debianosgeo/gdal< 3.1.0+dfsg-1+3

▶NVDosgeo/gdal3.0.1

Patches

Patch: github.com ↗Patch: gitlab.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

tiff vulnerabilities↗2023-02-02

▶

GHSA

GHSA-24m4-fmx6-c2q6: tif_getimage↗2022-05-24

▶

OSV

CVE-2019-17546: tif_getimage↗2019-10-14

▶

CVEList

CVE-2019-17546: tif_getimage↗2019-10-14

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2023-02-02

▶

Ubuntu

LibTIFF vulnerabilities↗2019-10-17

▶

Red Hat

libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c↗2019-08-15

▶

Debian

CVE-2019-17546: gdal - tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and othe...↗2019

▶

💬Community

Bugzilla

CVE-2019-17546 mingw-libtiff: libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c [epel-7]↗2019-11-12

▶

Bugzilla

CVE-2019-17546 libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c↗2019-10-25

▶

Bugzilla

CVE-2019-17546 libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c [fedora-all]↗2019-10-25

▶