Full Disclosure mailing list archives
LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)
From: "zzt0907" <16362505 () qq com>
Date: Thu, 20 Dec 2018 09:03:08 +0800
#CVE-2017-16232

# LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)

## Product Download:
http://www.libtiff.org/
http://download.osgeo.org/libtiff/

## Vulnerability Type: memory leak

## Attack Type: local

## Vulnerability Description
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c

## POC
https://github.com/followboy1999/poc/tree/master/CVE-2017-16232

./tiff2bw libtiff_poc.tif 222.tif
LZWDecode: Not enough data at scanline 0 (short 6442443006 bytes).
/usr/local/bin/llvm-symbolizer: /lib/x86_64-linux-gnu/libtinfo.so.5: no version information available (required by /usr/local/bin/llvm-symbolizer)
=================================================================
==25328==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6442451106 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x4e88be in main /home/zzt/Fuzzing/Victims/ASAN/tiff-4.0.8/tools/tiff2bw.c:258:28
    #2 0x7f293f0fdabf in __libc_start_main /build/glibc-qbmteM/glibc-2.21/csu/libc-start.c:289

Direct leak of 1137 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x54d6b6 in TIFFClientOpen /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_open.c:119

Indirect leak of 81904 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x5ea2e9 in LZWSetupDecode /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_lzw.c:232

Indirect leak of 2273 byte(s) in 5 object(s) allocated from:
    #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
    #1 0x56f5db in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73
    #2 0x56f5db in _TIFFCheckMalloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:88

Indirect leak of 1240 byte(s) in 2 object(s) allocated from:
    #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
    #1 0x56f430 in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73

## Versions: LibTIFF 4.0.8

## Impact: Denial of Service

## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC)

## References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232
https://github.com/shelltdf/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
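
A triage helper for LeakSanitizer reports of the kind shown in the advisory above, added here as an example (it is not part of the original post or of LibTIFF): it parses each leak record and sums leaked bytes per first stack frame outside the sanitizer runtime. The sample report is constructed, with shortened hypothetical paths and function names; `parse_lsan`, `leaks_by_site` and the `RUNTIME` path hints are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in LeakSanitizer's report layout (paths and names are hypothetical).
SAMPLE = """\
==1234==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /src/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x4e88be in main /src/tools/convert.c:258:28

Indirect leak of 300 byte(s) in 2 object(s) allocated from:
    #0 0x4bc3d7 in realloc /src/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
    #1 0x56f5db in check_realloc /src/lib/aux.c:73

Indirect leak of 200 byte(s) in 1 object(s) allocated from:
    #0 0x4bc3d7 in realloc /src/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
    #1 0x56f430 in check_realloc /src/lib/aux.c:73
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")
RUNTIME = ("compiler-rt", "asan_", "lsan_")  # assumed path hints for sanitizer frames

def parse_lsan(text):
    """Return one dict per leak record: kind, bytes, objects, frames [(func, loc)]."""
    records = []
    for line in text.splitlines():
        h, f = HEADER.match(line), FRAME.match(line)
        if h:
            records.append({"kind": h.group(1), "bytes": int(h.group(2)),
                            "objects": int(h.group(3)), "frames": []})
        elif f and records:
            records[-1]["frames"].append((f.group(1), f.group(2)))
    return records

def leaks_by_site(records):
    """Sum leaked bytes per first non-runtime frame, largest first."""
    totals = defaultdict(int)
    for rec in records:
        site = next((fr for fr in rec["frames"]
                     if not any(tag in fr[1] for tag in RUNTIME)), ("<unknown>", "?"))
        loc = ":".join(site[1].split(":")[:2])  # drop the column: file:line only
        totals[(rec["kind"], site[0], loc)] += rec["bytes"]
    return sorted(totals.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for (kind, func, loc), size in leaks_by_site(parse_lsan(SAMPLE)):
        print(f"{size:>8} bytes  {kind:<8} {func} ({loc})")
```

When the first non-runtime frame is an allocation wrapper, as with `_TIFFCheckRealloc` in the report above, the next frame up is the more useful grouping key for finding the missing free.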
Current thread:
- LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) zzt0907 (Dec 21)
- Re: LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) Henri Salo (Dec 21)