[3.4] tiff: Heap-based buffer overflow bug in pal2rgb (CVE-2017-17095)
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (TIFFSetupStrips heap-based
buffer overflow and application crash) or possibly have unspecified
other impact via a crafted TIFF file.
References:
http://openwall.com/lists/oss-security/2017/12/02/1
http://bugzilla.maptools.org/show_bug.cgi?id=2750
https://nvd.nist.gov/vuln/detail/CVE-2017-17095
(from redmine: issue id 8244, created on 2017-12-05, closed on 2018-08-02)
- Relations:
- parent #8239 (closed)