PT-2017-19298 · Libtiff+3

Owl337 · Published 2017-06-26 · Updated 2024-06-15 · CVE-2017-9935

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LibTIFF version 4.0.8

Description

The issue is a heap-based buffer overflow in the t2p_write_pdf function. The overflow could cause several kinds of damage, including an out-of-bounds read, an invalid free, memory corruption, or a double free. It is possible that a crafted TIFF document could cause arbitrary code execution.

Recommendations

For LibTIFF version 4.0.8, consider updating to a newer version that contains a fix for this issue. As a temporary workaround, restrict the use of the t2p_write_pdf function in tools/tiff2pdf.c to minimize the risk of exploitation. Avoid processing crafted TIFF documents until the issue is resolved.

Exploit

Fix

Out of bounds Read


Weakness Enumeration

Related identifiers

ALT-PU-2019-1628
CVE-2017-9935
DLA-1206-1
DSA-4100-1
MGASA-2018-0109
OPENSUSE-SU-2018_3371-1
OPENSUSE-SU-2024:11461-1
SUSE-SU-2018:1179-1
SUSE-SU-2018:1180-1
SUSE-SU-2018:3289-1
SUSE-SU-2018:3391-1
USN-3606-1

Affected products

Alt Linux
Libtiff
Suse
Ubuntu