| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_2C180C58B13903A77C45EFFA319863C70209@qq.com> Date: Thu, 20 Dec 2018 09:03:08 +0800 From: "zzt0907" <16362505@...com> To: "fulldisclosure" <fulldisclosure@...lists.org> Subject: [FD] LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) #CVE-2017-16232 # LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232) ## Product Download: http://www.libtiff.org/ http://download.osgeo.org/libtiff/ ## Vulnerability Type:memory leak ## Attack Type : local ## Vulnerability Description LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c ## POC https://github.com/followboy1999/poc/tree/master/CVE-2017-16232 ./tiff2bw libtiff_poc.tif 222.tif LZWDecode: Not enough data at scanline 0 (short 6442443006 bytes). > /usr/local/bin/llvm-symbolizer: /lib/x86_64-linux-gnu/libtinfo.so.5: no version information available (required by /usr/local/bin/llvm-symbolizer) > > ================================================================= > ==25328==ERROR: LeakSanitizer: detected memory leaks > > Direct leak of 6442451106 byte(s) in 1 object(s) allocated from: > #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3 > #1 0x4e88be in main /home/zzt/Fuzzing/Victims/ASAN/tiff-4.0.8/tools/tiff2bw.c:258:28 > #2 0x7f293f0fdabf in __libc_start_main /build/glibc-qbmteM/glibc-2.21/csu/libc-start.c:289 > > Direct leak of 1137 byte(s) in 1 object(s) allocated from: > #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3 > #1 0x54d6b6 in TIFFClientOpen /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_open.c:119 > > Indirect leak of 81904 byte(s) in 1 object(s) allocated from: > #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3 > #1 0x5ea2e9 in LZWSetupDecode /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_lzw.c:232 > > Indirect leak of 2273 byte(s) in 5 object(s) allocated from: > #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3 > #1 0x56f5db in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73 > #2 0x56f5db in _TIFFCheckMalloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:88 > > Indirect leak of 1240 byte(s) in 2 object(s) allocated from: > #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3 > #1 0x56f430 in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73 ## Versions:LibTIFF 4.0.8 ## Impact:Denial of Service ## Credit This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC) ## References CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232 https://github.com/shelltdf/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists