PT-2017-4260 · None+5 · Libtiff+5

Published: 2017-06-26 · Updated: 2022-12-06 · CVE-2017-9937

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

LibTIFF version 4.0.8

Description

The issue is a memory malloc failure in the tif_jbig.c component, which can be exploited by a crafted TIFF document, leading to a remote denial of service attack. It is also associated with a buffer overflow in the JBIG1 data compression standard for JBIG-KIT image handling, allowing a remote attacker to cause a service disruption.

Recommendations

For LibTIFF version 4.0.8, consider updating to a newer version that addresses the memory malloc failure in tif_jbig.c to prevent remote denial of service attacks. As a temporary workaround, restrict the handling of crafted TIFF documents to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1628
AZL-44508
BDU:2023-07608
CVE-2017-9937
ECHO-9D38-6B00-6FE7
MGASA-2022-0449
USN-5742-1

Affected Products

Alt Linux
Astra Linux
Debian
Libtiff
Linuxmint
Ubuntu