Missing Release of Resource after Effective Lifetime in tiff

Do your applications use this vulnerable package? Test your applications

Overview

** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.

References

ADVISORY
CVE Details
Debian Security Tracker
MISC
OSS security Advisory
OSS security Advisory
OSS security Advisory
OSS security Advisory
OpenSuse Security Announcement
OpenSuse Security Announcement
Seclists Full Disclosure
Seclists Full Disclosure
Security Focus

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-16232
CWE: CWE-772
Snyk ID: SNYK-UBUNTU1804-TIFF-406158
Disclosed: 21 Mar, 2019
Published: 27 Jun, 2018

Missing Release of Resource after Effective Lifetime
Affecting tiff package, versions <0.0.0

Overview

References

CVSS Score

Missing Release of Resource after Effective Lifetime Affecting tiff package, versions <0.0.0

Overview

References

Missing Release of Resource after Effective Lifetime
Affecting tiff package, versions <0.0.0