CVE-2017-11613

Description

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
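An added example, not taken from this advisory or from LibTIFF: one way to bound an allocation driven by a file-controlled row count such as td_imagelength is to check that count against the bytes actually present in the file before allocating. The function names, parameters and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not a LibTIFF function). Returns how many per-strip
 * table entries to allocate, or 0 when the row count declared in the file
 * (td_imagelength in the description) cannot be backed by the file's data. */
static uint64_t safe_strip_count(uint32_t image_length, uint64_t bytes_per_row,
                                 uint32_t rows_per_strip, uint64_t data_offset,
                                 uint64_t file_size)
{
    if (image_length == 0 || bytes_per_row == 0 || rows_per_strip == 0)
        return 0;
    if (data_offset >= file_size)
        return 0;
    uint64_t available = file_size - data_offset;
    /* Uncompressed data needs image_length * bytes_per_row bytes. Compare by
     * division so the product can never overflow. */
    if (image_length > available / bytes_per_row)
        return 0;
    uint64_t nstrips = ((uint64_t)image_length + rows_per_strip - 1) / rows_per_strip;
    if (nstrips > SIZE_MAX / sizeof(uint64_t))
        return 0;
    return nstrips;
}

/* Allocate the strip table only after the declared size has been validated. */
static uint64_t *alloc_strip_table(uint32_t image_length, uint64_t bytes_per_row,
                                   uint32_t rows_per_strip, uint64_t data_offset,
                                   uint64_t file_size)
{
    uint64_t n = safe_strip_count(image_length, bytes_per_row, rows_per_strip,
                                  data_offset, file_size);
    return n ? calloc((size_t)n, sizeof(uint64_t)) : NULL;
}

int main(void)
{
    /* Constructed values: a 100-row file, then a 4 KiB file claiming ~4 billion rows. */
    uint64_t *ok = alloc_strip_table(100, 300, 10, 8, 8 + 100 * 300);
    uint64_t *bad = alloc_strip_table(0xFFFFFFF0u, 300, 10, 8, 4096);
    int rc = (ok && !bad) ? 0 : 1;
    printf("valid: %s, crafted: %s\n", ok ? "allocated" : "rejected",
           bad ? "allocated" : "rejected");
    free(ok);
    free(bad);
    return rc;
}
```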

Priority: MEDIUM
CVSS v3: 6.5
Publish Date: Jul 26, 2017
Related ID: --
CVSS v2: Medium
Modified Date: Jul 26, 2017

Find out more about CVE-2017-11613 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Linux

| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Wind River Linux LTS 17 | Fixed | -- | 10.17.41.11 | -- |
| Wind River Linux 8 | Fixed | LIN8-7168 | 8.0.0.27 | -- |
| Wind River Linux 9 | Fixed | LIN9-4761 | 9.0.0.18 | -- |
| Wind River Linux 7 | Fixed | -- | 7.0.0.29 | -- |
| Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
| Wind River Linux CD release | Not Vulnerable | -- | -- | -- |

VxWorks

| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| VxWorks 7 | Not Vulnerable | -- | -- | -- |
| VxWorks 6.9 | Not Vulnerable | -- | -- | -- |

Comments

libtiff