
exploitDog


CVE-2017-11613

Published: 26 Jul 2017
Source: ubuntu
Priority: low
EPSS: Low
CVSS2: 4.3
CVSS3: 6.5

Description

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

Release                    Status      Note
artful                     released    4.0.8-5ubuntu0.1
devel                      released    4.0.9-4ubuntu1
esm-infra-legacy/trusty    released    4.0.3-7ubuntu0.9
esm-infra/xenial           released    4.0.6-1ubuntu0.4
precise/esm                ignored
trusty                     released    4.0.3-7ubuntu0.9
trusty/esm                 released    4.0.3-7ubuntu0.9
upstream                   needed
vivid/ubuntu-core          DNE
xenial                     released    4.0.6-1ubuntu0.4


EPSS: 0.00344 (percentile: 57%, Low)
CVSS2: 4.3 Medium
CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 3.3
redhat
more than 8 years ago

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

CVSS3: 6.5
nvd
more than 8 years ago

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

CVSS3: 6.5
debian
more than 8 years ago

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TI ...

CVSS3: 6.5
github
more than 3 years ago

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

CVSS3: 6.5
fstec
more than 8 years ago

Vulnerability in the TIFFOpen function of the LibTIFF library that allows an attacker to cause a denial of service
