libtiff.so is vulnerable to denial of service (DoS) through a stack-based buffer overflow. The vulnerability is in the TIFFGetField
function, where a stack-based buffer overflow can occur when parsing a TIFF file, depending on whether a codec was enabled.

CPE Name | Operator | Version
---|---|---
libtiff.so | le | 3.9.7
libtiff | le | 4.0.6.2

bugzilla.maptools.org/show_bug.cgi?id=2625
seclists.org/oss-sec/2017/q1/6
www.debian.org/security/2017/dsa-3903
www.openwall.com/lists/oss-security/2017/01/01/11
www.openwall.com/lists/oss-security/2017/01/01/7
www.securityfocus.com/bid/95178
blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/
bugzilla.suse.com/show_bug.cgi?id=1017690
github.com/vadz/libtiff/commit/6281927e03aed3fdaac4c25e1cd1a5ff7232bcd8