PT-2017-3270 · Libtiff+1 · Libtiff+1

Published

2017-06-29

Updated

2018-03-22

CVE-2017-10688

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.8

Description The issue is related to the TIFFWriteDirectoryTagCheckedLong8Array function in tif dirwrite.c, which lacks sufficient input validation. This can be exploited by a remote attacker to cause a denial of service or potentially execute arbitrary code. A crafted input can lead to an assertion abort, resulting in a remote denial of service attack.

Recommendations For LibTIFF version 4.0.8, consider applying input validation to the TIFFWriteDirectoryTagCheckedLong8Array function to prevent exploitation. As a temporary workaround, restrict the use of the TIFFWriteDirectoryTagCheckedLong8Array function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2018-00030

CVE-2017-10688

DLA-1022-1

DSA-3903-1

MGASA-2017-0210

USN-3602-1

Affected Products

Libtiff

Ubuntu

PT-2017-3270 · Libtiff+1 · Libtiff+1

CVE-2017-10688

Weakness Enumeration

Related Identifiers

Affected Products

References · 87