Multiple vulnerabilities in LibTIFF
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2016-3186 CVE-2016-5102 CVE-2016-5318 CVE-2017-11613 CVE-2017-12944 CVE-2017-17095 CVE-2017-18013 CVE-2017-5563 CVE-2017-9117 CVE-2017-9147 CVE-2017-9935 CVE-2018-5784 |
| CWE-ID | CWE-120 CWE-121 CWE-20 CWE-789 CWE-122 CWE-476 CWE-126 CWE-119 CWE-400 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #10 is available. |
| Vulnerable software Subscribe |
LibTIFF Universal components / Libraries / Libraries used by multiple products |
| Vendor | LibTIFF |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU11491
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3186
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker can cause DoS condition on the target system.
The weakness exists in the gif2tiff.c due to buffer overflow. A remote attacker can submit a specially crafted GIF file and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.6
External linkshttp://bugzilla.redhat.com/show_bug.cgi?id=1319503
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU11492
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5102
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker can cause DoS condition on the target system.
The weakness exists in gif2tiff.c in the gif2tiff tool due to buffer overflow. A remote attacker can submit a specially crafted GIF file and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.6
External linkshttp://bugzilla.redhat.com/show_bug.cgi?id=1343407
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU11493
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5318
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker can cause DoS condition on the target system.
The weakness exists in the _TIFFVGetField function due to stack-based buffer overflow. A remote attacker can submit a specially crafted tiff file and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.0 - 4.0.6
External linkshttp://github.com/genuinetools/reg/blob/master/README.md
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU11494
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11613
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the TIFFOpen function due to improper checking of td_imagelength during the TIFFOpen process. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.8
External linkshttp://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Uncontrolled memory allocation
EUVDB-ID: #VU11495
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12944
CWE-ID:
CWE-789 - Uncontrolled Memory Allocation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the TIFFReadDirEntryArray function in tif_read.c due to mishandling memory allocation for short files. A remote attacker can trigger memory corruption and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.8
External linkshttp://github.com/NixOS/nixpkgs/issues/30959
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU11496
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-17095
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in tools/pal2rgb.c in pal2rgb due to heap-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.9
External linkshttp://bugzilla.maptools.org/show_bug.cgi?id=2750
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU9820
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-18013
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference error in tif_print.c within TIFFPrintDirectory() function. A remote attacker can trigger a NULL pointer dereference error and crash the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.9
External linkshttp://bugzilla.maptools.org/show_bug.cgi?id=2770
http://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer over-read
EUVDB-ID: #VU11497
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5563
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in tif_lzw.c due to heap-based buffer over-read. A remote attacker can trigger memory corruption and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.7
External linkshttp://bugzilla.maptools.org/show_bug.cgi?id=2664
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Heap-based buffer over-read
EUVDB-ID: #VU11498
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9117
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in bmp2tiff due to heap-based buffer over-read when the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input. A remote attacker can trigger memory corruption and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.7
External linkshttp://bugzilla.maptools.org/show_bug.cgi?id=2690
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU7403
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-9147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exits due to invalid read in the _TIFFVGetField function in tif_dir.c. A remote attacker can send specially crafted TIFF file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update to version 4.0.8-3.
LibTIFF: 4.0.7
External linkshttp://bugzilla.maptools.org/show_bug.cgi?id=2693
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Memory corruption
EUVDB-ID: #VU11499
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9935
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the t2p_write_pdf function in tools/tiff2pdf.c due to heap-based buffer overflow. A remote attacker can submit a specially crafted TIFF document, trigger out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.8
External linkshttp://bugzilla.maptools.org/show_bug.cgi?id=2704
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource exhaustion
EUVDB-ID: #VU11500
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5784
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the TIFFSetDirectory function of tif_dir.c due to the declared number of directory entries is not validated against the actual number of directory entries. A remote attacker can submit a specially crafted tif file, trigger resource exhaustion and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.9
External linkshttp://bugzilla.maptools.org/show_bug.cgi?id=2772
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
