LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)

Related Vulnerabilities: CVE-2017-16232  
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: "zzt0907" &lt;16362505 () qq com&gt;


<em>Date</em>: Thu, 20 Dec 2018 09:03:08 +0800


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">#CVE-2017-16232
# LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)
## Product Download: <a rel="nofollow" href="http://www.libtiff.org/">http://www.libtiff.org/</a> <a rel="nofollow" href="http://download.osgeo.org/libtiff/">http://download.osgeo.org/libtiff/</a>
## Vulnerability Type: memory leak
## Attack Type: local
## Vulnerability Description
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
attackers to cause a denial of service (memory consumption), as demonstrated
by tif_open.c, tif_lzw.c, and tif_aux.c
## POC
<a rel="nofollow" href="https://github.com/followboy1999/poc/tree/master/CVE-2017-16232">https://github.com/followboy1999/poc/tree/master/CVE-2017-16232</a>

./tiff2bw libtiff_poc.tif 222.tif
 LZWDecode: Not enough data at scanline 0 (short 6442443006 bytes).
</pre><blockquote style="border-left: #5555EE solid 0.2em; margin: 0em; padding-left: 0.85em"><pre style="margin: 0em;">/usr/local/bin/llvm-symbolizer: /lib/x86_64-linux-gnu/libtinfo.so.5: no version information available (required by /usr/local/bin/llvm-symbolizer)

=================================================================
==25328==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6442451106 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x4e88be in main /home/zzt/Fuzzing/Victims/ASAN/tiff-4.0.8/tools/tiff2bw.c:258:28
    #2 0x7f293f0fdabf in __libc_start_main /build/glibc-qbmteM/glibc-2.21/csu/libc-start.c:289

Direct leak of 1137 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x54d6b6 in TIFFClientOpen /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_open.c:119

Indirect leak of 81904 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x5ea2e9 in LZWSetupDecode /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_lzw.c:232

Indirect leak of 2273 byte(s) in 5 object(s) allocated from:
    #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
    #1 0x56f5db in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73
    #2 0x56f5db in _TIFFCheckMalloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:88

Indirect leak of 1240 byte(s) in 2 object(s) allocated from:
    #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
    #1 0x56f430 in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73
</pre></blockquote><pre style="margin: 0em;">
## Versions: LibTIFF 4.0.8
## Impact: Denial of Service
## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC)
## References
CVE: <a rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232</a>
<a rel="nofollow" href="https://github.com/shelltdf/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0">https://github.com/shelltdf/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
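<p>The LeakSanitizer report in the message above, reduced to allocation sites. This is an added example, not part of the original post or of LibTIFF: it attributes each leak record to its first frame outside the sanitizer runtime and totals the leaked bytes per source directory. The sample input is constructed from three records of the report, and the function names and the <code>/compiler-rt/</code> path marker are assumptions.</p>

```python
import re
from collections import defaultdict

# Constructed sample: three records from the report above, frame #0 lines rejoined.
SAMPLE = """\
Direct leak of 6442451106 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x4e88be in main /home/zzt/Fuzzing/Victims/ASAN/tiff-4.0.8/tools/tiff2bw.c:258:28

Indirect leak of 81904 byte(s) in 1 object(s) allocated from:
    #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
    #1 0x5ea2e9 in LZWSetupDecode /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_lzw.c:232

Indirect leak of 2273 byte(s) in 5 object(s) allocated from:
    #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
    #1 0x56f5db in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73
    #2 0x56f5db in _TIFFCheckMalloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:88
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
# Frame with a source location; frames whose location is missing or wrapped are ignored.
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$")
RUNTIME_MARKER = "/compiler-rt/"  # assumption: sanitizer runtime frames carry this path

def parse_leaks(report):
    """One dict per leak record, attributed to its first frame outside the runtime."""
    leaks, cur = [], None
    for line in report.splitlines():
        h = HEADER.match(line)
        if h:
            cur = {"kind": h.group(1), "bytes": int(h.group(2)),
                   "objects": int(h.group(3)), "site": None}
            leaks.append(cur)
            continue
        f = FRAME.match(line)
        if f and cur is not None and cur["site"] is None and RUNTIME_MARKER not in f.group(2):
            func, path, lineno = f.groups()
            # Keep only "<directory>/<file>" so tool code and library code separate cleanly.
            cur["site"] = (func, "/".join(path.split("/")[-2:]), int(lineno))
    return leaks

def bytes_by_component(leaks):
    """Total leaked bytes per source directory, e.g. 'tools' versus 'libtiff'."""
    totals = defaultdict(int)
    for leak in leaks:
        totals[leak["site"][1].split("/")[0] if leak["site"] else "unknown"] += leak["bytes"]
    return dict(totals)

if __name__ == "__main__":
    print(bytes_by_component(parse_leaks(SAMPLE)))
```

<p>On this sample the 6442451106-byte direct leak is attributed to <code>tools/tiff2bw.c</code>, while the two indirect records are attributed to <code>libtiff/</code>.</p>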
<p>