LibTIFF is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, resulting in a denial-of-service condition.
LibTIFF 4.0.7 is vulnerable; other versions may also be vulnerable. Retired as a duplicate of BID 97508 LibTIFF CVE-2017-7599 Denial of Service Vulnerability.
Information
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- LibTIFF Homepage (LibTIFF)
- libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various clampings (Libtiff)
- libtiff: multiple UBSAN crashes (Gentoo)