Bug 1524284 (CVE-2017-17095)
Summary: | CVE-2017-17095 libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | nforro, phracek, tgl |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | A vulnerability was found in LibTIFF, where a heap-based buffer overflow in the pal2rgb function in tools/pal2rgb.c can lead to a denial of service. A remote attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing the application to crash. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2017-12-18 07:24:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1524285, 1526899, 1910611 | | |
Bug Blocks: | 1524288 | | |
Description

Sam Fowler, 2017-12-11 07:13:39 UTC

Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1524285]

Note: As per upstream bug, there is currently no patch yet. The proposed patch seems to be insufficient, since the issue still manifests after the patch is applied.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:4658 https://access.redhat.com/errata/RHSA-2025:4658