LibTIFF CVE-2017-17973 Memory Corruption Vulnerability

LibTIFF is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue to execute arbitrary code in the context of the application using the affected library. Failed exploit attempts may result in denial-of-service conditions.

LibTIFF 4.0.8 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 102331
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-17973

Remote: Yes
Local: No
Published: Dec 29 2017 12:00AM
Updated: Dec 29 2017 12:00AM
Credit: xiaosatianyu
Vulnerable: LibTIFF LibTIFF 4.0.8

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

Bug 2769 - There is a heap-use-after-free in t2p_writeproc function in tiff2pdf. (bugzilla)
LibTIFF Homepage (LibTIFF)

Source: www.securityfocus.com

Exploit Collector

Search Exploit