CVE-2017-14528

2017-09-18T00:00:00
ID UB:CVE-2017-14528
Type ubuntucve
Reporter ubuntu.com
Modified 2017-09-18T00:00:00

Description

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.

Bugs

  • <http://bugzilla.maptools.org/show_bug.cgi?id=2730>
  • <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878544>

Notes

Author | Note
---|---
mdeslaur | code not present in jessie