Home

CVE-2017-11613

Description

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.344

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3Windows
Tag Image File Format (TIFF) library (USN-3606-1) libtiff5_4.0.3-7ubuntu0.9_i386.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff5_4.0.3-7ubuntu0.9_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff5_4.0.6-1ubuntu0.4_i386.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff5_4.0.6-1ubuntu0.4_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff5_4.0.8-5ubuntu0.1_i386.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff5_4.0.8-5ubuntu0.1_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff-tools_4.0.3-7ubuntu0.9_i386.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff-tools_4.0.3-7ubuntu0.9_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff-tools_4.0.6-1ubuntu0.4_i386.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff-tools_4.0.6-1ubuntu0.4_amd64.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff-tools_4.0.8-5ubuntu0.1_i386.debLinux
Tag Image File Format (TIFF) library (USN-3606-1) libtiff-tools_4.0.8-5ubuntu0.1_amd64.debLinux
SUSE-SU-2018:3289-1(SUSE Linux Enterprise Desktop 12-SP3 ) libtiff5-4.0.9-44.24.1.x86_64.rpmLinux
SUSE-SU-2018:3289-1(SUSE Linux Enterprise Desktop 12-SP3 ) libtiff5-32bit-4.0.9-44.24.1.x86_64.rpmLinux
SUSE-SU-2018:3289-1(SUSE Linux Enterprise Desktop 12-SP3 ) libtiff5-debuginfo-4.0.9-44.24.1.x86_64.rpmLinux
SUSE-SU-2018:3289-1(SUSE Linux Enterprise Desktop 12-SP3 ) libtiff5-debuginfo-32bit-4.0.9-44.24.1.x86_64.rpmLinux
SUSE-SU-2018:3289-1(SUSE Linux Enterprise Desktop 12-SP3 ) tiff-debuginfo-4.0.9-44.24.1.x86_64.rpmLinux
SUSE-SU-2018:3289-1(SUSE Linux Enterprise Desktop 12-SP3 ) tiff-debugsource-4.0.9-44.24.1.x86_64.rpmLinux
SUSE-SU-2018:3289-1(SUSE Linux Enterprise Server 12-SP3 ) tiff-4.0.9-44.24.1.x86_64.rpmLinux
SUSE-SU-2018:3391-1(SUSE Linux Enterprise Server 11-SP4 ) libtiff3-3.8.2-141.169.19.1.i586.rpmLinux
SUSE-SU-2018:3391-1(SUSE Linux Enterprise Server 11-SP4 ) libtiff3-3.8.2-141.169.19.1.x86_64.rpmLinux
SUSE-SU-2018:3391-1(SUSE Linux Enterprise Server 11-SP4 ) libtiff3-32bit-3.8.2-141.169.19.1.x86_64.rpmLinux
SUSE-SU-2018:3391-1(SUSE Linux Enterprise Server 11-SP4 ) tiff-3.8.2-141.169.19.1.i586.rpmLinux
SUSE-SU-2018:3391-1(SUSE Linux Enterprise Server 11-SP4 ) tiff-3.8.2-141.169.19.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234