Note:
This project will be discontinued after December 13, 2021. [more]
2018-01-19
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
| Products | Ubuntu_linux, Debian_linux, Libtiff |
| Type | Uncontrolled Resource Consumption (CWE-400) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://www.debian.org/security/2018/dsa-4349
• https://usn.ubuntu.com/3602-1/ • https://usn.ubuntu.com/3606-1/ • https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html • https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html |