Debian Bug report logs -
#869708
jbigkit: CVE-2017-9937
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Michael van der Kolff <mvanderkolff@gmail.com>
:
Bug#869708
; Package src:jbigkit
.
(Tue, 25 Jul 2017 20:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Michael van der Kolff <mvanderkolff@gmail.com>
.
(Tue, 25 Jul 2017 20:30:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: jbigkit
Version: 2.1-3.1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for jbigkit.
CVE-2017-9937[0]:
| In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A
| crafted TIFF document can lead to an abort resulting in a remote denial
| of service attack.
Note, that originally the issue has been reported for LibTIFF project,
[1], but as shown in [2] the issue lies in jbigkit itself. It can be
seen either with an ASAN build, or under valgrind:
==10811== Memcheck, a memory error detector
==10811== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==10811== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==10811== Command: ./jbigkit-2.1/pbmtools/jbgtopbm ./poc2_only_jbig_content
==10811==
==10811==
==10811== Process terminating with default action of signal 6 (SIGABRT)
==10811== at 0x5078FCF: raise (raise.c:51)
==10811== by 0x507A3F9: abort (abort.c:89)
==10811== by 0x4E3944C: ??? (in /usr/lib/x86_64-linux-gnu/libjbig.so.0)
==10811== by 0x4E3EB79: jbg_dec_in (in /usr/lib/x86_64-linux-gnu/libjbig.so.0)
==10811== by 0x109233: main (jbgtopbm.c:407)
==10811==
==10811== HEAP SUMMARY:
==10811== in use at exit: 17,192 bytes in 14 blocks
==10811== total heap usage: 15 allocs, 1 frees, 21,288 bytes allocated
==10811==
==10811== LEAK SUMMARY:
==10811== definitely lost: 0 bytes in 0 blocks
==10811== indirectly lost: 0 bytes in 0 blocks
==10811== possibly lost: 0 bytes in 0 blocks
==10811== still reachable: 17,192 bytes in 14 blocks
==10811== suppressed: 0 bytes in 0 blocks
==10811== Rerun with --leak-check=full to see details of leaked memory
==10811==
==10811== For counts of detected and suppressed errors, rerun with: -v
==10811== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Aborted
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9937
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2707
[2] http://bugzilla.maptools.org/show_bug.cgi?id=2707#c8
Regards,
Salvatore
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:14:33 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.