CVE-2017-11613 in LibTIFF

Summary

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
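A pre-screen that an ingestion service could run on untrusted files before handing them to TIFFOpen, as an added example (not LibTIFF's code and not from the advisory). It reads ImageLength (tag 257) from the first IFD of a classic TIFF and rejects values above a policy cap; the function name, the cap and the two sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read an n-byte unsigned value honouring the TIFF byte-order mark. */
static uint32_t rd(const uint8_t *p, int n, int le) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (le ? i : n - 1 - i));
    return v;
}

/* Hypothetical helper: 1 if ImageLength in the first IFD is <= max_rows,
 * 0 if it exceeds the cap, -1 if the file is malformed or has no such tag.
 * Classic TIFF only (magic 42); BigTIFF is rejected as malformed. */
int tiff_imagelength_ok(const uint8_t *buf, size_t len, uint32_t max_rows) {
    int le;
    if (len < 8) return -1;
    if (buf[0] == 'I' && buf[1] == 'I') le = 1;
    else if (buf[0] == 'M' && buf[1] == 'M') le = 0;
    else return -1;
    if (rd(buf + 2, 2, le) != 42) return -1;
    uint32_t ifd = rd(buf + 4, 4, le);
    if (ifd > len - 2) return -1;                 /* entry count must fit */
    uint32_t n = rd(buf + ifd, 2, le);
    if ((size_t)n * 12 > len - ifd - 2) return -1; /* entries must fit */
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        if (rd(e, 2, le) != 257) continue;        /* not ImageLength */
        uint32_t type = rd(e + 2, 2, le);
        if (rd(e + 4, 4, le) != 1) return -1;     /* count must be 1 */
        if (type == 3) return rd(e + 8, 2, le) <= max_rows;   /* SHORT */
        if (type == 4) return rd(e + 8, 4, le) <= max_rows;   /* LONG */
        return -1;
    }
    return -1;
}

/* Constructed samples: header, one IFD entry, next-IFD offset of 0. */
const uint8_t SAMPLE_HUGE[] = {          /* ImageLength = 0x7fffffff */
    'I','I',42,0, 8,0,0,0, 1,0,
    0x01,0x01, 4,0, 1,0,0,0, 0xff,0xff,0xff,0x7f, 0,0,0,0 };
const uint8_t SAMPLE_OK[] = {            /* ImageLength = 480 */
    'I','I',42,0, 8,0,0,0, 1,0,
    0x01,0x01, 3,0, 1,0,0,0, 0xe0,0x01,0,0, 0,0,0,0 };
```

The cap is a local policy choice; pair it with a per-process memory limit so that a file that passes the screen still cannot exhaust the host.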

Reservation

07/25/2017

Disclosure

07/26/2017

CPE

ready

CVSS

5.4

EPSS

0.00548

Activities

Very Low
