CVE-2024-6716
Published: 15 July 2024
A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted TIFF file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.
Notes
| Author | Note |
|---|---|
| | Priority reason: Only a resource consumption DoS via API misuse |
| sbeattie | texmaker added an embedded copy of libtiff in bionic |
| mdeslaur | Per the tiff developers, this API can't perform restrictions on imagewidth and imagelength, as high values are also valid. Application developers should be using the TIFFOpenOptionsSetMaxSingleMemAlloc() API. The upstream bug is likely to get closed, and this CVE rejected. Marking as deferred for now. |
Priority
Status
| Package | Release | Status |
|---|---|---|
| gdal | bionic | Not vulnerable (uses system tiff) |
| gdal | focal | Not vulnerable (uses system tiff) |
| gdal | jammy | Not vulnerable (uses system tiff) |
| gdal | noble | Not vulnerable (uses system tiff) |
| gdal | trusty | Needs triage |
| gdal | upstream | Needs triage |
| gdal | xenial | Needs triage |
| neuron | bionic | Needs triage |
| neuron | focal | Needs triage |
| neuron | jammy | Needs triage |
| neuron | noble | Not vulnerable (dropped embedded libtiff) |
| neuron | upstream | Needs triage |
| qtwebengine-opensource-src | bionic | Needs triage |
| qtwebengine-opensource-src | focal | Needs triage |
| qtwebengine-opensource-src | jammy | Needs triage |
| qtwebengine-opensource-src | noble | Needs triage |
| qtwebengine-opensource-src | upstream | Needs triage |
| texmaker | bionic | Needs triage |
| texmaker | focal | Needs triage |
| texmaker | jammy | Needs triage |
| texmaker | noble | Needs triage |
| texmaker | upstream | Needs triage |
| texmaker | xenial | Needs triage |
| tiff | bionic | Deferred (2024-07-15) |
| tiff | focal | Deferred (2024-07-15) |
| tiff | jammy | Deferred (2024-07-15) |
| tiff | noble | Deferred (2024-07-15) |
| tiff | trusty | Deferred (2024-07-15) |
| tiff | upstream | Needs triage |
| tiff | xenial | Deferred (2024-07-15) |