Vulnerabilities > CVE-2017-11335 - Out-of-bounds Write vulnerability in Libtiff 4.0.8
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4100.NASL description Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 106414 published 2018-01-29 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106414 title Debian DSA-4100-1 : tiff - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4100. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(106414); script_version("3.3"); script_cvs_date("Date: 2018/11/13 12:30:46"); script_cve_id("CVE-2017-11335", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-18013", "CVE-2017-9935"); script_xref(name:"DSA", value:"4100"); script_name(english:"Debian DSA-4100-1 : tiff - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/tiff" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/tiff" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/tiff" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4100" ); script_set_attribute( attribute:"solution", value: "Upgrade the tiff packages. For the oldstable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u5. For the stable distribution (stretch), these problems have been fixed in version 4.0.8-2+deb9u2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libtiff-doc", reference:"4.0.3-12.3+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libtiff-opengl", reference:"4.0.3-12.3+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libtiff-tools", reference:"4.0.3-12.3+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libtiff5", reference:"4.0.3-12.3+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libtiff5-dev", reference:"4.0.3-12.3+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libtiffxx5", reference:"4.0.3-12.3+deb8u5")) flag++; if (deb_check(release:"9.0", prefix:"libtiff-doc", reference:"4.0.8-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libtiff-opengl", reference:"4.0.8-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libtiff-tools", reference:"4.0.8-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libtiff5", reference:"4.0.8-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libtiff5-dev", reference:"4.0.8-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libtiffxx5", reference:"4.0.8-2+deb9u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1093.NASL description Several vulnerabilities have been discovered in the Tag Image File Format (TIFF) library and its associated tools. CVE-2017-11335 A heap based buffer overflow via a PlanarConfig=Contig image, which causes an out-of-bounds write (related to the ZIPDecode function). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. CVE-2017-12944 A mishandling of memory allocation for short files allows attackers to cause a denial of service (allocation failure and application crash) during a tiff2pdf invocation. CVE-2017-13726 A reachable assertion abort allows a crafted input to lead to a remote denial of service attack. CVE-2017-13727 A reachable assertion abort allows a crafted input to lead to a remote denial of service attack. For Debian 7 last seen 2020-03-17 modified 2017-09-11 plugin id 103093 published 2017-09-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103093 title Debian DLA-1093-1 : tiff security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3602-1.NASL description It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108513 published 2018-03-21 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108513 title Ubuntu 14.04 LTS / 16.04 LTS : tiff vulnerabilities (USN-3602-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1094.NASL description A heap based buffer overflow has been discovered in the tiff2pdf utility, part of the Tag Image File Format (TIFF) library. A PlanarConfig=Contig image can cause an out-of-bounds write (related to the ZIPDecode function). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. For Debian 7 last seen 2020-03-17 modified 2017-09-11 plugin id 103094 published 2017-09-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103094 title Debian DLA-1094-1 : tiff3 security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1179-1.NASL description This update for tiff fixes the following issues : - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107). - CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280). - CVE-2017-11335: There is a heap-based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937). - CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka last seen 2020-06-01 modified 2020-06-02 plugin id 109674 published 2018-05-10 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109674 title SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1179-1)