Main Vulnerability Database Vulnerabilities #VU33352

Infinite loop - CVE-2017-6314

Published: March 10, 2017 / Updated: August 4, 2020

Vulnerability identifier: #VU33352

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-6314

CWE-ID: CWE-835

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

How to mitigate CVE-2017-6314

Install update from vendor's website.

Sources

http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
http://www.openwall.com/lists/oss-security/2017/02/21/4
http://www.openwall.com/lists/oss-security/2017/02/26/1
http://www.securityfocus.com/bid/96779
https://bugzilla.gnome.org/show_bug.cgi?id=779020
https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT/
https://security.gentoo.org/glsa/201709-08

Infinite loop - CVE-2017-6314

Detailed vulnerability description

How to mitigate CVE-2017-6314

Sources

Please verify you're human