CVE-2017-10688

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.8

Description The issue is related to the TIFFWriteDirectoryTagCheckedLong8Array function in tif dirwrite.c, which lacks sufficient input validation. This can be exploited by a remote attacker to cause a denial of service or potentially execute arbitrary code. A crafted input can lead to an assertion abort, resulting in a remote denial of service attack.

Recommendations For LibTIFF version 4.0.8, consider applying input validation to the TIFFWriteDirectoryTagCheckedLong8Array function to prevent exploitation. As a temporary workaround, restrict the use of the TIFFWriteDirectoryTagCheckedLong8Array function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.