[3.8] tiff: Heap-based buffer overflow bug in pal2rgb (CVE-2017-17095)
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (TIFFSetupStrips heap-based
buffer overflow and application crash) or possibly have unspecified
other impact via a crafted TIFF file.
References:
http://openwall.com/lists/oss-security/2017/12/02/1
http://bugzilla.maptools.org/show_bug.cgi?id=2750
https://nvd.nist.gov/vuln/detail/CVE-2017-17095
(from redmine: issue id 8240, created on 2017-12-05, closed on 2018-08-02)
- Relations:
  - parent #8239 (closed)
- Changesets:
  - Revision c1c8c5a7 by Natanael Copa on 2018-07-30T17:12:05Z:
    main/tiff: various security fixes
    - CVE-2017-9935
    - CVE-2017-11613
    - CVE-2017-17095
    - CVE-2018-10963
    fixes #8240
  - Revision 6659caf6 by Natanael Copa on 2018-08-01T12:06:26Z:
    main/tiff: various security fixes
    - CVE-2017-9935
    - CVE-2017-11613
    - CVE-2017-17095
    - CVE-2018-10963
    fixes #8240
    fixes #9163