Memory Allocation Fault in LibTIFF Affects TIFF Processing
CVE-2017-12944

7.5HIGH

Key Information:

Vendor

Libtiff

Status
Libtiff
Vendor
CVE Published:
18 August 2017

What is CVE-2017-12944?

The TIFFReadDirEntryArray function in LibTIFF version 4.0.8 improperly handles memory allocation for small TIFF files. This vulnerability can be exploited by remote attackers during the invocation of the tiff2pdf utility, leading to an application crash due to allocation failures in the TIFFFetchStripThing function. As a result, services that rely on TIFF processing may become unavailable, disrupting operations and affecting productivity.

References

https://usn.ubuntu.com/3606-1/
vendor-advisoryx_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2725
x_refsource_CONFIRM
https://usn.ubuntu.com/3602-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.