PT-2017-16711 · Netpbm+2 · Netpbm+2

Chunibalon · Published 2017-03-15 · Updated 2024-06-15 · CVE-2017-5849

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

netpbm version 10.47.63

Description

The issue is related to the improper use of the libtiff TIFFRGBAImageGet function by tifftopnm in netpbm, which allows remote attackers to cause a denial of service through an out-of-bounds read and write via a crafted TIFF image file. The cause is the transposing of the width and height values.

Recommendations

For netpbm version 10.47.63, consider updating to a newer version that properly handles the libtiff TIFFRGBAImageGet function to prevent out-of-bounds read and write operations. As a temporary workaround, restrict the use of tifftopnm with untrusted TIFF image files to minimize the risk of exploitation.

Exploit

Fix

DoS

Memory Corruption

Out of bounds Read


Weakness Enumeration

Related identifiers

CVE-2017-5849
OPENSUSE-SU-2024:13655-1
OPENSUSE-SU-2024_0435-1
SUSE-SU-2024:0434-1
SUSE-SU-2024:0435-1
SUSE-SU-2024_0434-1
SUSE-SU-2024_0435-1

Affected products

Suse
Libtiff
Netpbm