Fabre

#885579 tiff: CVE-2017-17942: heap-buffer-overflow in PackBitsEncode function #885579

Package:: src:tiff

Source:: tiff

Submitter:: Salvatore Bonaccorso

Date:: 2021-04-08 19:30:09 UTC

Severity:: important

Tags:

#885579#5

Date:: 2017-12-28 10:08:40 UTC

From:

To:

Hi,

the following vulnerability was published for tiff.

CVE-2017-17942[0]:
| In LibTIFF 4.0.9, there is a heap-based buffer over-read in the
| function PackBitsEncode in tif_packbits.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17942
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2767

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#885579#10

Date:: 2017-12-31 13:32:07 UTC

From:

To:

Hi

FTR, as this is not the straightforwardest to verify (because bmp2tiff
as helping tool to trigger it is not anymore available), the POC can
be found at

https://github.com/xiaosatianyu/poc/blob/master/libtiff4.0.8/bmp2tiff/poc1

which should be the one corresponding to

https://github.com/xiaosatianyu/poc/blob/master/libtiff4.0.8/bmp2tiff/report-1

Regards,
Salvatore

#885579#21

Date:: 2021-04-08 19:27:45 UTC

From:

To:

#885579 tiff: CVE-2017-17942: heap-buffer-overflow in PackBitsEncode function #885579

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)