[Secure-testing-team] Bug#866109: tiff: CVE-2017-9935: Heap-based buffer overflow in t2p_write_pdf
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 27 12:18:14 UTC 2017
Source: tiff
Version: 4.0.8-2
Severity: grave
Tags: upstream security
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2704
Hi,
the following vulnerability was published for tiff, using severity
grave for now since I'm not sure code execution can be ruled out.
CVE-2017-9935[0]:
| In LibTIFF 4.0.8, there is a heap-based buffer overflow in the
| t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could
| lead to different damages. For example, a crafted TIFF document can
| lead to an out-of-bounds read in TIFFCleanup, an invalid free in
| TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or
| a double free in t2p_free. Given these possibilities, it probably could
| cause arbitrary code execution.
In the upstream bugtracker the reporter has provided his reproducers
which can be used later on to verfiy a fix as well with the given
testcases.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2704
Please adjust the affected versions in the BTS as needed, specifically
no checks have been done yet for older versions than 4.0.8-2.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list