CVE-2017-11613
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-11613
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11613.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-11613
- Related
- Published
- 2017-07-26T08:29:00Z
- Modified
- 2024-09-03T01:37:54.872915Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, tdimagelength is not checked. The value of tdimagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the TIFFCheckMalloc function is called based on tdimagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
- References
-
- http://www.securityfocus.com/bid/99977
- https://www.debian.org/security/2018/dsa-4349
- https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
- https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html
- https://usn.ubuntu.com/3606-1/
- https://security.alpinelinux.org/vuln/CVE-2017-11613
- https://security-tracker.debian.org/tracker/CVE-2017-11613
Affected packages
Alpine:v3.10 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.11 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.12 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.13 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.14 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.15 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.16 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.17 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.18 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.19 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.20 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.5 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.6 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.7 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.8 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Alpine:v3.9 / tiff
Package
- Name
- tiff
- Purl
- pkg:apk/alpine/tiff?arch=source
Debian:11 / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/debian/tiff?arch=source
Debian:12 / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/debian/tiff?arch=source
Debian:13 / tiff
Package
- Name
- tiff
- Purl
- pkg:deb/debian/tiff?arch=source
Git / github.com/vadz/libtiff
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vadz/libtiff
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://gitlab.com/libtiff/libtiff
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Other
Pre360
Release-
Release-3-7-0
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7
Release-v3-6-0
Release-v3-6-0beta2
Release-v3-6-1
Release-v3-7-0-alpha
Release-v3-7-0beta
Release-v3-7-0beta2
Release-v3-7-1
Release-v3-7-2
Release-v3-7-3
Release-v3-7-4
Release-v3-8-0
Release-v3-8-1
Release-v3-8-2
Release-v4-0-0
Release-v4-0-0alpha
Release-v4-0-0alpha4
Release-v4-0-0alpha5
Release-v4-0-0alpha6
Release-v4-0-0beta7
Release-v4-0-1
Release-v4-0-2
Release-v4-0-3
Release-v4-0-4
Release-v4-0-4beta
Release-v4-0-5
Release-v4-0-6
Release-v4-0-7
Release-v4-0-8
v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7
v4.0.8