[3.4] tiff: memory-based DoS in tiff2bw (CVE-2017-16232)
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
attackers to cause a denial of service (memory consumption), as
demonstrated
by tif_open.c, tif_lzw.c, and tif_aux.c
References:
http://seclists.org/oss-sec/2017/q4/168
http://openwall.com/lists/oss-security/2017/11/01/3
(from redmine: issue id 8148, created on 2017-11-14, closed on 2017-11-23)
- Relations:
- parent #8144 (closed)
- Changesets:
- Revision 713292e9 by Natanael Copa on 2017-11-23T07:46:16Z:
main/tiff: security upgrade to 4.0.9 (CVE-2017-16231,CVE-2017-16232)
fixes #8148