Wind River Support Network

HomeDefectsLIN8-6944

Fixed

LIN8-6944 : Security Advisory - libtiff - CVE-2017-9935

Created: Jun 29, 2017 Updated: Jan 16, 2019

Resolved Date: Feb 26, 2018

Found In Version: 8.0.0.18

Fix Version: 8.0.0.25

Severity: Standard

Applicable for: Wind River Linux 8

Component/s: Userspace

Description

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2017-9935

Other Downloads

Wind River Linux 8.0.0.25
Wind River Linux 8.0.0.26
Wind River Linux 8.0.0.27
Wind River Linux 8.0.0.28
Wind River Linux 8.0.0.29
Wind River Linux 8.0.0.30
Wind River Linux 8.0.0.31
Wind River Linux 8.0.0.32
Wind River Linux 8.0.0.33
Wind River Linux 8.0.0.34

CVEs

CVE-2017-9935