[Secure-testing-team] Bug#866113: tiff: CVE-2017-9936: Memory leak in tif_jbig.c can lead to DoS
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 27 12:38:50 UTC 2017
Source: tiff
Version: 4.0.8-2
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2706
Hi,
the following vulnerability was published for tiff.
CVE-2017-9936[0]:
| In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF
| document can lead to a memory leak resulting in a remote denial of
| service attack.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9936
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2706
[2] https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
Please adjust the affected versions in the BTS as needed. Only the sid
version has been verified at the time of writing this bug report.
Regards,
Salvatore