The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote malicious users to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

| Vulnerable Product |
|---|
| libtiff libtiff 4.0.3 |
| redhat enterprise linux server eus 7.2 |
| redhat enterprise linux server eus 7.3 |
| redhat enterprise linux desktop 6.0 |
| redhat enterprise linux desktop 7.0 |
| redhat enterprise linux server aus 7.2 |
| redhat enterprise linux server aus 7.4 |
| redhat enterprise linux workstation 7.0 |
| redhat enterprise linux server tus 7.3 |
| redhat enterprise linux server tus 7.2 |
| redhat enterprise linux server 7.0 |
| redhat enterprise linux server 6.0 |
| redhat enterprise linux server aus 7.3 |
| redhat enterprise linux server eus 7.4 |
| redhat enterprise linux workstation 6.0 |
| apple mac os x 10.8.5 |
| apple mac os x 10.9.5 |
| apple mac os x 10.10.0 |
| apple mac os x 10.10.1 |
| apple mac os x 10.10.2 |
| apple mac os x 10.10.3 |
| apple iphone os |