Bugzilla – Bug 1021652
VUL-1: CVE-2017-5563: tiff: LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS o...
Last modified: 2017-03-29 09:22:12 UTC
Found by wang junjie

CVE-2017-5563
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

Upstream bug report:
http://bugzilla.maptools.org/show_bug.cgi?id=2664

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5563
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5563.html
http://www.cvedetails.com/cve/CVE-2017-5563/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5563
http://bugzilla.maptools.org/show_bug.cgi?id=2664
There's a PoC file in the upstream bug:
http://bugzilla.maptools.org/attachment.cgi?id=749&action=edit

It's supposed to trigger using `bmp2tiff`:

bmp2tiff -c lzw poc out.tif

Doing so shows no visible sign of corruption; valgrind reports no errors. The issue probably can only be reproduced using a build with '-fsanitize=address'.

It seems there's no upstream patch available yet. Need to postpone analysis until the patch is available.
bugbot adjusting priority
Works for us