Bug 1530912 (CVE-2017-17973)

Summary: CVE-2017-17973 libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc
Product: [Other] Security Response
Reporter: Sam Fowler <sfowler>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: nforro, phracek, tgl
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2018-01-22 03:52:35 UTC
Bug Depends On: 1530913, 1910610    
Bug Blocks: 1530914    

Description Sam Fowler 2018-01-04 06:55:52 UTC
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17973
http://www.cvedetails.com/cve/CVE-2017-17973/
http://bugzilla.maptools.org/show_bug.cgi?id=2769

Comment 1 Sam Fowler 2018-01-04 06:56:16 UTC
Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 1530913]

Comment 2 Huzaifa S. Sidhpurwala 2018-01-22 03:52:35 UTC
Analysis:

I am not able to reproduce this on any version of libtiff shipped with Red Hat Enterprise Linux or with the upstream version compiled with ASAN. Currently there is no response from upstream nor any response from the reporter of this flaw.

I am going to mark this issue as notaffected, until there is more information available.