LibTIFF - tif_jbig.c Denial of Service Exploit

🗓️ 07 Jul 2017 00:00:00Reported by OWL337Type

zdt🔗 0day.today👁 36 Views

LibTIFF tif_jbig.c DoS exploit via tiff2ps or tiff2pd

Reporter	Title	Published	Views	Family All 57
AlpineLinux	CVE-2017-9936	26 Jun 201712:00	–	alpinelinux
Cloud Foundry	USN-3602-1: LibTIFF vulnerabilities \| Cloud Foundry	2 May 201800:00	–	cloudfoundry
Circl	CVE-2017-9936	6 Jul 201700:00	–	circl
CNVD	Silicon Graphics LibTIFF 'tif_jbig.c' Denial of Service Vulnerability	28 Jun 201700:00	–	cnvd
CVE	CVE-2017-9936	26 Jun 201712:00	–	cve
Cvelist	CVE-2017-9936	26 Jun 201712:00	–	cvelist
Debian	[SECURITY] [DLA 1022-1] tiff security update	11 Jul 201714:21	–	debian
Debian	[SECURITY] [DLA 1023-1] tiff3 security update	11 Jul 201714:22	–	debian
Debian	[SECURITY] [DSA 3903-1] tiff security update	5 Jul 201720:57	–	debian
Debian CVE	CVE-2017-9936	26 Jun 201712:00	–	debiancve

Source: http://bugzilla.maptools.org/show_bug.cgi?id=2706
 
Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”
 
Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”
 
The asan debug information is below:
 
$./tiff2ps $POC  
 
 
=================================================================
==26627==ERROR: LeakSanitizer: detected memory leaks
 
Direct leak of 1792 byte(s) in 7 object(s) allocated from:
    #0 0x7f7c4f1a19aa in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f7c4dca72fd  (/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd)
    #2 0x3ea  (<unknown module>)
 
Indirect leak of 170491316224 byte(s) in 223 object(s) allocated from:
    #0 0x7f7c4f1a19aa in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f7c4dca72fd  (/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd)
    #2 0x3ea  (<unknown module>)
 
SUMMARY: AddressSanitizer: 170491318016 byte(s) leaked in 230 allocation(s).
 
 
Affected version:
<=the Latest version (4.0.8)

#  0day.today [2018-02-19]  #

07 Jul 2017 00:00Current

7.2High risk

Vulners AI Score7.2

EPSS0.05227