[3.7] tiff: uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c (CVE-2018-5784)
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the
TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage
this vulnerability to cause a denial of service via a crafted tif file.
This occurs because the declared number of directory entries is not
validated against the actual number of directory entries.
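
The missing check described above, sketched as an added example (not LibTIFF's code and not the linked patch): for a classic TIFF, confirm that the first IFD's declared entry count fits in the bytes actually present. The function name `tiff_first_ifd_check`, its return codes and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read 16/32-bit fields in the byte order named by the TIFF header. */
static uint16_t rd16(const uint8_t *p, int le) {
    return le ? (uint16_t)(p[0] | p[1] << 8) : (uint16_t)(p[0] << 8 | p[1]);
}
static uint32_t rd32(const uint8_t *p, int le) {
    return le ? (uint32_t)rd16(p, 1) | (uint32_t)rd16(p + 2, 1) << 16
              : (uint32_t)rd16(p, 0) << 16 | (uint32_t)rd16(p + 2, 0);
}

/* Hypothetical helper: check the first IFD of a classic (non-BigTIFF) file
 * held in buf[0..len). Returns 0 if the declared entries fit in the data,
 * -1 for a bad header, -2 if the IFD offset is out of range,
 * -3 if the declared entry count runs past the end of the buffer. */
int tiff_first_ifd_check(const uint8_t *buf, size_t len) {
    if (len < 8) return -1;
    if ((buf[0] != 'I' && buf[0] != 'M') || buf[1] != buf[0]) return -1;
    int le = (buf[0] == 'I');                 /* "II" little, "MM" big endian */
    if (rd16(buf + 2, le) != 42) return -1;   /* classic TIFF magic number */
    uint32_t off = rd32(buf + 4, le);
    if (off < 8 || (size_t)off > len - 2) return -2;  /* count must be readable */
    uint16_t count = rd16(buf + off, le);
    /* 2-byte count + 12 bytes per entry + 4-byte next-IFD offset (64-bit math) */
    uint64_t need = (uint64_t)off + 2 + (uint64_t)count * 12 + 4;
    return need > (uint64_t)len ? -3 : 0;
}

/* Constructed samples: one IFD with a single ImageWidth entry, 26 bytes. */
static const uint8_t sample_ok[26] = {
    'I','I', 42,0, 8,0,0,0,  1,0,
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,  0,0,0,0 };
/* Same bytes, but the count field claims 65535 entries. */
static const uint8_t sample_lying[26] = {
    'I','I', 42,0, 8,0,0,0,  0xFF,0xFF,
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,  0,0,0,0 };

int main(void) {
    printf("ok: %d\n", tiff_first_ifd_check(sample_ok, sizeof sample_ok));
    printf("lying: %d\n", tiff_first_ifd_check(sample_lying, sizeof sample_lying));
    return 0;
}
```

A pre-parse gate like this rejects a file whose declared count exceeds its contents before it reaches a decoder; it covers only the first IFD.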
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2772
https://nvd.nist.gov/vuln/detail/CVE-2018-5784
Patch:
https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef
(from redmine: issue id 8707, created on 2018-03-22, closed on 2018-04-03)
- Relations:
- copied_to #8705 (closed)
- parent #8705 (closed)
- Changesets:
- Revision d44bbad6 on 2018-04-02T10:28:16Z:
main/tiff: fix CVE-2018-5784
fixes #8707