[3.7] tiff: Heap-based buffer overflow bug in pal2rgb (CVE-2017-17095)
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (TIFFSetupStrips heap-based
buffer overflow and application crash) or possibly have unspecified
other impact via a crafted TIFF file.
References:
http://openwall.com/lists/oss-security/2017/12/02/1
http://bugzilla.maptools.org/show_bug.cgi?id=2750
https://nvd.nist.gov/vuln/detail/CVE-2017-17095
(from redmine: issue id 8241, created on 2017-12-05, closed on 2018-08-02)
- Relations:
  - parent #8239 (closed)
- Changesets:
  - Revision dc9b38d5 by Natanael Copa on 2018-08-02T05:58:23Z:
    main/tiff: various security fixes
    - CVE-2017-9935
    - CVE-2017-11613
    - CVE-2017-17095
    - CVE-2018-10963
    fixes #8241
    fixes #9164