Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Nov 2017 09:59:42 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE-2017-16231: PCRE 8.41 match() stack overflow;
 CVE-2017-16232: LibTIFF 4.0.8 memory leaks

On Wed, 1 Nov 2017, ???? wrote:
>
>> [Suggested description]
>> LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
>> attackers to cause a denial of service (memory consumption), as demonstrated
>> by tif_open.c, tif_lzw.c, and tif_aux.c
>>
>> ------------------------------------------
>>
>> [Additional Information]
>> /tiff2bw ../../../../libtiff_4.0.8_afl/2bw_output/crashes/poc.tif 222.tif

I am not seeing any memory leak vulnerability.  I do see that tiff2bw 
made no attempt to release any memory at all (not strictly required 
for a utility since memory is released when it quits).  I have 
modified the code in the development CVS version to release memory to 
satisfy memory checkers.

>
> Use CVE-2017-16232.

This is a memory-based DOS issue within tiff2bw itself (not directly 
inside libtiff).  TIFF files using LZW compression can achieve a very 
high compression ratio so it can be difficult to predict if a file's 
pixel dimensions are bogus or not.  Valid files also pose a DOS 
opportunity.  There are no arbitrary limits imposed within tiff2bw.

Bob
-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.