CVE-2017-9937
Published: 26 June 2017
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
Notes
| Author | Note |
|---|---|
| mdeslaur | reported in libtiff, but issue lies in jbigkit as of 2018-03-22, no fix available this is a DoS only and is caused by the fact that jbigkit handles failed memory allocations with abort(). (See checked_malloc()). Fixing this properly would likely require changing the library ABI. |
| ccdm94 | commit bc3293299b was released in 2020, and it seems to be the commit that fixes this issue, according to the commit message and according to tests made with the commit applied to jbigkit (the error no longer occurs once this fix is applied). |
Priority
CVSS 3 base score: 6.5
Status
| Package | Release | Status |
|---|---|---|
|
jbigkit Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Released
(2.1-3.1ubuntu0.18.04.1)
|
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Released
(2.1-3.1ubuntu0.20.04.1)
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| jammy |
Released
(2.1-3.1ubuntu0.22.04.1)
|
|
| kinetic |
Released
(2.1-3.1ubuntu0.22.10.1)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(2.0-2ubuntu4.1+esm1)
|
|
| upstream |
Pending
(2.2)
|
|
| xenial |
Released
(2.1-3.1ubuntu0.1~esm1)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|