RETIRED: LibTIFF CVE-2017-7599 Denial of Service Vulnerability

LibTIFF is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, resulting in a denial-of-service condition.

LibTIFF 4.0.7 is vulnerable; other versions may also be vulnerable. Retired as a duplicate of BID 97508 LibTIFF CVE-2017-7599 Denial of Service Vulnerability.

Information

Bugtraq ID: 97505
Class: Design Error
CVE: CVE-2017-7599

Remote: Yes
Local: No
Published: Apr 09 2017 12:00AM
Updated: Apr 15 2019 07:00PM
Credit: Agostino Sarubbo of Gentoo.
Vulnerable: LibTIFF LibTIFF 4.0.7

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

LibTIFF Homepage (LibTIFF)
libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various clampings (Libtiff)
libtiff: multiple UBSAN crashes (Gentoo)

Source: www.securityfocus.com

Exploit Collector

Search Exploit