[Secure-testing-team] Bug#869708: jbigkit: CVE-2017-9937
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 25 20:28:26 UTC 2017
Source: jbigkit
Version: 2.1-3.1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for jbigkit.
CVE-2017-9937[0]:
| In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A
| crafted TIFF document can lead to an abort resulting in a remote denial
| of service attack.
Note, that originally the issue has been reported for LibTIFF project,
[1], but as shown in [2] the issue lies in jbigkit itself. It can be
seen either with an ASAN build, or under valgrind:
==10811== Memcheck, a memory error detector
==10811== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==10811== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==10811== Command: ./jbigkit-2.1/pbmtools/jbgtopbm ./poc2_only_jbig_content
==10811==
==10811==
==10811== Process terminating with default action of signal 6 (SIGABRT)
==10811== at 0x5078FCF: raise (raise.c:51)
==10811== by 0x507A3F9: abort (abort.c:89)
==10811== by 0x4E3944C: ??? (in /usr/lib/x86_64-linux-gnu/libjbig.so.0)
==10811== by 0x4E3EB79: jbg_dec_in (in /usr/lib/x86_64-linux-gnu/libjbig.so.0)
==10811== by 0x109233: main (jbgtopbm.c:407)
==10811==
==10811== HEAP SUMMARY:
==10811== in use at exit: 17,192 bytes in 14 blocks
==10811== total heap usage: 15 allocs, 1 frees, 21,288 bytes allocated
==10811==
==10811== LEAK SUMMARY:
==10811== definitely lost: 0 bytes in 0 blocks
==10811== indirectly lost: 0 bytes in 0 blocks
==10811== possibly lost: 0 bytes in 0 blocks
==10811== still reachable: 17,192 bytes in 14 blocks
==10811== suppressed: 0 bytes in 0 blocks
==10811== Rerun with --leak-check=full to see details of leaked memory
==10811==
==10811== For counts of detected and suppressed errors, rerun with: -v
==10811== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Aborted
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9937
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2707
[2] http://bugzilla.maptools.org/show_bug.cgi?id=2707#c8
Regards,
Salvatore
More information about the Secure-testing-team
mailing list