Bugzilla – Bug 947122
VUL-0: CVE-2015-7313: tiff: crafted tiff file could lead to OOM kill denial of service
Last modified: 2020-04-01 22:15:25 UTC
Created attachment 648701 [details] reproducer CVE-2015-7313 it was found a DoS using a crafted tiff file that causes a OOM kill in low memory system (usually less than 3GB). This was tested in Ubuntu 14.04 (64bit) but the issue exists even in the CVS libtiff version. Please find attached the compressed test case (otherwise it can kill my browser since gdk-pixbuf is loading tiff files in the preview dialog!). You can test it executing: $ tiffdither oom.tif /dev/null If you run it with ltrace, you can see some very large reallocs: libtiff.so.5->realloc(0, 1636178024) = 0x7f71a42b6010 libtiff.so.5->realloc(0, 1636178024) = 0x7f7142a54010 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7313 http://seclists.org/oss-sec/2015/q3/621
bugbot adjusting priority
Not a security issue, it simply uses a lot of memory. ( /proc/sys/vm/overcommit_memory is default at 0) This is not in the libtiff code, and is more a peculiarity of vm systems with overcommit.