oss-sec mailing list archives
Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks
From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Wed, 1 Nov 2017 09:59:42 -0500 (CDT)
On Wed, 1 Nov 2017, ???? wrote:
> [Suggested description]
> LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c
>
> ------------------------------------------
>
> [Additional Information]
> /tiff2bw ../../../../libtiff_4.0.8_afl/2bw_output/crashes/poc.tif 222.tif
I am not seeing any memory leak vulnerability. I do see that tiff2bw made no attempt to release any memory at all (not strictly required for a utility since memory is released when it quits). I have modified the code in the development CVS version to release memory to satisfy memory checkers.
Use CVE-2017-16232.
This is a memory-based DoS issue within tiff2bw itself (not directly inside libtiff). TIFF files using LZW compression can achieve a very high compression ratio, so it can be difficult to predict whether a file's pixel dimensions are bogus or not. Valid files also pose a DoS opportunity. There are no arbitrary limits imposed within tiff2bw.
Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
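The point Bob makes above is that the size of an LZW-compressed TIFF says nothing about the size of the raster it will decode to, and that tiff2bw imposes no cap of its own. The following is an added example, not code from libtiff, tiff2bw or this thread: it parses only the TIFF header and first IFD, computes the bytes the decoded raster would need with overflow checks, and refuses the file against a caller-chosen budget before any raster memory is allocated or the LZW stream is touched. The 256 MiB budget, the constructed 74-byte sample file (a header plus one IFD and no strip data, claiming 65535x65535 pixels), and the single-value BitsPerSample simplification are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example (not libtiff/tiff2bw code): pixel-budget pre-check on the
 * TIFF header and first IFD only. Budget and sample file are assumptions. */
#define TAG_IMAGEWIDTH      256
#define TAG_IMAGELENGTH     257
#define TAG_BITSPERSAMPLE   258
#define TAG_COMPRESSION     259
#define TAG_SAMPLESPERPIXEL 277
#define TYPE_SHORT 3
#define TYPE_LONG  4

struct tiff_dims { uint32_t width, length, bps, spp, compression; };

static uint16_t rd16(const uint8_t *p, int le)
{ return le ? (uint16_t)(p[0] | p[1] << 8) : (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p, int le)
{ return le ? ((uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24)
            : ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3]); }

/* First element of a SHORT/LONG entry, following the TIFF 6.0 rule that values
 * wider than 4 bytes live at an offset. -1 if unsupported or out of bounds. */
static int entry_first_value(const uint8_t *buf, size_t len, const uint8_t *e, int le, uint32_t *v)
{
    uint16_t type = rd16(e + 2, le);
    uint32_t count = rd32(e + 4, le);
    size_t w = (type == TYPE_SHORT) ? 2 : (type == TYPE_LONG) ? 4 : 0;
    if (w == 0 || count == 0) return -1;
    const uint8_t *p = e + 8;                         /* value inline in the 4-byte field */
    if ((uint64_t)count * w > 4) {                    /* field holds an offset instead */
        uint32_t off = rd32(e + 8, le);
        if (off > len || len - off < w) return -1;    /* out-of-line data past end of file */
        p = buf + off;
    }
    *v = (w == 2) ? rd16(p, le) : rd32(p, le);
    return 0;
}

/* Parse dimensional tags from the first IFD; -1 on malformed/truncated input. */
int tiff_read_dims(const uint8_t *buf, size_t len, struct tiff_dims *d)
{
    int le;
    if (len < 8) return -1;
    if (buf[0] == 'I' && buf[1] == 'I') le = 1;
    else if (buf[0] == 'M' && buf[1] == 'M') le = 0;
    else return -1;
    if (rd16(buf + 2, le) != 42) return -1;
    uint32_t ifd = rd32(buf + 4, le);
    if (ifd < 8 || ifd > len - 2) return -1;
    uint16_t n = rd16(buf + ifd, le);
    if ((size_t)n * 12 > len - ifd - 2) return -1;    /* IFD entries truncated */
    d->width = d->length = 0;                         /* required tags, no default */
    d->bps = 1; d->spp = 1; d->compression = 1;       /* TIFF 6.0 defaults */
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint32_t v;
        if (entry_first_value(buf, len, e, le, &v) != 0) continue;
        switch (rd16(e, le)) {
        case TAG_IMAGEWIDTH:      d->width = v; break;
        case TAG_IMAGELENGTH:     d->length = v; break;
        case TAG_BITSPERSAMPLE:   d->bps = v; break;  /* assumes all samples share one depth */
        case TAG_COMPRESSION:     d->compression = v; break;
        case TAG_SAMPLESPERPIXEL: d->spp = v; break;
        default: break;
        }
    }
    return (d->width && d->length) ? 0 : -1;
}

/* Bytes the decoded raster would occupy, or 0 on zero size / 64-bit overflow. */
uint64_t tiff_raster_bytes(const struct tiff_dims *d)
{
    uint64_t bpp = (uint64_t)d->bps * d->spp;         /* two 32-bit factors: fits in 64 bits */
    uint64_t pixels = (uint64_t)d->width * d->length;
    if (bpp == 0 || pixels == 0) return 0;
    if (pixels > (UINT64_MAX - 7) / bpp) return 0;    /* pixels*bpp + 7 would wrap */
    return (pixels * bpp + 7) / 8;
}

/* 1 if the file's claimed raster fits in max_bytes, 0 if too large or malformed. */
int tiff_within_budget(const uint8_t *buf, size_t len, uint64_t max_bytes, uint64_t *need)
{
    struct tiff_dims d;
    uint64_t n = (tiff_read_dims(buf, len, &d) == 0) ? tiff_raster_bytes(&d) : 0;
    if (need) *need = n;
    return n != 0 && n <= max_bytes;
}

/* Constructed sample: little-endian header + one IFD with five entries and no
 * strip data. Always 74 bytes, whatever dimensions it claims. */
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }
static uint8_t *put_entry(uint8_t *p, uint16_t tag, uint16_t type, uint32_t val)
{
    wr16(p, tag); wr16(p + 2, type); wr32(p + 4, 1); wr32(p + 8, 0);
    if (type == TYPE_SHORT) wr16(p + 8, (uint16_t)val); else wr32(p + 8, val);
    return p + 12;
}
size_t build_tiff_header(uint8_t *out, uint32_t w, uint32_t h, uint16_t bps, uint16_t spp, uint16_t comp)
{
    uint8_t *p = out;
    p[0] = 'I'; p[1] = 'I'; wr16(p + 2, 42); wr32(p + 4, 8); p += 8;
    wr16(p, 5); p += 2;                               /* entry count; entries sorted by tag */
    p = put_entry(p, TAG_IMAGEWIDTH, TYPE_LONG, w);
    p = put_entry(p, TAG_IMAGELENGTH, TYPE_LONG, h);
    p = put_entry(p, TAG_BITSPERSAMPLE, TYPE_SHORT, bps);
    p = put_entry(p, TAG_COMPRESSION, TYPE_SHORT, comp);   /* 5 = LZW */
    p = put_entry(p, TAG_SAMPLESPERPIXEL, TYPE_SHORT, spp);
    wr32(p, 0); p += 4;                               /* no next IFD */
    return (size_t)(p - out);
}

/* Wrappers: claimed raster bytes for a constructed header, and the budget verdict. */
uint64_t claimed_bytes(uint32_t w, uint32_t h, uint16_t bps, uint16_t spp)
{
    uint8_t buf[80]; uint64_t need;
    tiff_within_budget(buf, build_tiff_header(buf, w, h, bps, spp, 5), 0, &need);
    return need;
}
int check_claimed_size(uint32_t w, uint32_t h, uint16_t bps, uint16_t spp, uint64_t budget)
{
    uint8_t buf[80];
    return tiff_within_budget(buf, build_tiff_header(buf, w, h, bps, spp, 5), budget, NULL);
}

int main(void)
{
    uint64_t budget = 256ULL << 20;                   /* assumed cap: 256 MiB of raster */
    printf("74-byte file claiming 65535x65535x8bpp needs %llu bytes: %s\n",
           (unsigned long long)claimed_bytes(65535, 65535, 8, 1),
           check_claimed_size(65535, 65535, 8, 1, budget) ? "accept" : "reject");
    printf("74-byte file claiming 640x480x24bpp needs %llu bytes: %s\n",
           (unsigned long long)claimed_bytes(640, 480, 8, 3),
           check_claimed_size(640, 480, 8, 3, budget) ? "accept" : "reject");
    return 0;
}
```

The check is deliberately made on tag values rather than on file size or on the compressed strip lengths, because, as noted above, LZW lets a tiny input claim an arbitrarily large raster; a valid but huge file fails the same budget, which is the intended behaviour for a converter that otherwise has no limit.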
Current thread:
- CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks ???? (Nov 01)
- Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Bob Friesenhahn (Nov 01)
- Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Agostino Sarubbo (Nov 01)
- Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Solar Designer (Nov 01)