FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libtiff -- Improper Input Validation

Affected packages
libtiff <= 4.0.8

Details

VuXML ID 9b5a905f-e556-452f-a00c-8f070a086181
Discovery 2017-08-29
Entry 2017-10-10

libtiff developers report:

There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.

There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.

[source]

References

CVE Name CVE-2017-13726
CVE Name CVE-2017-13727
URL http://bugzilla.maptools.org/show_bug.cgi?id=2727
URL http://bugzilla.maptools.org/show_bug.cgi?id=2728
URL http://www.securityfocus.com/bid/100524

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.