Executive Summary

Information
Name: CVE-2017-11613
First vendor Publication: 2017-07-26
Vendor: Cve
Last vendor Modification: 2018-12-01

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score: 4.3
Cvss Impact Score: 2.9
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
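
A pre-open sanity check that an application could run on untrusted files before passing them to TIFFOpen, as an added example (not LibTIFF code and not the upstream fix). It assumes a classic (non-BigTIFF) file held in memory, inspects only the first IFD, and uses a hypothetical policy limit `MAX_IMAGE_LENGTH`; `tiff_length_check` and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_IMAGELENGTH 257u
#define MAX_IMAGE_LENGTH 65536u /* assumed application policy, not a LibTIFF value */

/* Read an n-byte (2 or 4) unsigned integer in the file's byte order. */
static uint32_t rd(const uint8_t *p, int n, int big) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (big ? n - 1 - i : i));
    return v;
}

/* Returns 0 if the first IFD's ImageLength is within the limit, 1 if it is
 * too large, -1 if the buffer is not a parseable classic TIFF. */
int tiff_length_check(const uint8_t *buf, size_t len) {
    if (len < 8) return -1;
    int big = (buf[0] == 'M' && buf[1] == 'M');
    if (!big && !(buf[0] == 'I' && buf[1] == 'I')) return -1;
    if (rd(buf + 2, 2, big) != 42u) return -1;       /* BigTIFF (43) is rejected */
    size_t ifd = rd(buf + 4, 4, big);                /* offset of the first IFD */
    if (ifd < 8 || ifd > len - 2) return -1;
    size_t count = rd(buf + ifd, 2, big);            /* number of 12-byte entries */
    if (count * 12 > len - ifd - 2) return -1;       /* entries must fit in buffer */
    for (size_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ifd + 2 + 12 * i;
        if (rd(e, 2, big) != TAG_IMAGELENGTH) continue;
        uint32_t type = rd(e + 2, 2, big);
        if (rd(e + 4, 4, big) != 1u) return -1;      /* exactly one value expected */
        if (type != 3u && type != 4u) return -1;     /* SHORT or LONG only */
        uint32_t v = rd(e + 8, type == 3u ? 2 : 4, big);
        return v > MAX_IMAGE_LENGTH ? 1 : 0;
    }
    return -1;                                       /* no ImageLength tag: reject */
}

/* Constructed samples: header plus a one-entry IFD carrying only ImageLength. */
static const uint8_t sample_huge[] = { 'I','I',42,0, 8,0,0,0, 1,0, /* LONG 0xFFFFFF00 */
    0x01,0x01, 4,0, 1,0,0,0, 0x00,0xFF,0xFF,0xFF, 0,0,0,0 };
static const uint8_t sample_ok[] = { 'M','M',0,42, 0,0,0,8, 0,1,   /* SHORT 1024 */
    0x01,0x01, 0,3, 0,0,0,1, 0x04,0x00,0,0, 0,0,0,0 };

int main(void) {
    printf("huge: %d\n", tiff_length_check(sample_huge, sizeof sample_huge));
    printf("ok:   %d\n", tiff_length_check(sample_ok, sizeof sample_ok));
    return 0;
}
```

Files that return a non-zero result would be rejected before TIFFOpen is called; a limit suited to the deployment's memory budget replaces the assumed 65536.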

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613

CWE : Common Weakness Enumeration

%      id      Name
100 %  CWE-20  Improper Input Validation

CPE : Common Platform Enumeration

Type         Description  Count
Application               1

Nessus® Vulnerability Scanner

Date        Description
2019-01-03  Name: The remote Fedora host is missing a security update.
            File: fedora_2018-35d435f362.nasl - Type: ACT_GATHER_INFO
2018-12-01  Name: The remote Debian host is missing a security-related update.
            File: debian_DSA-4349.nasl - Type: ACT_GATHER_INFO
2018-07-24  Name: The remote PhotonOS host is missing multiple security updates.
            File: PhotonOS_PHSA-2018-2_0-0039.nasl - Type: ACT_GATHER_INFO
2018-07-03  Name: The remote Debian host is missing a security update.
            File: debian_DLA-1411.nasl - Type: ACT_GATHER_INFO
2018-06-18  Name: The remote Fedora host is missing a security update.
            File: fedora_2018-9e0a37e7a2.nasl - Type: ACT_GATHER_INFO
2018-06-05  Name: The remote Debian host is missing a security update.
            File: debian_DLA-1391.nasl - Type: ACT_GATHER_INFO

Sources (Detail)

Source  Url
BID     http://www.securityfocus.com/bid/99977
DEBIAN  https://www.debian.org/security/2018/dsa-4349
MISC    https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
MLIST   https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html
MLIST   https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html
UBUNTU  https://usn.ubuntu.com/3606-1/

Alert History

Date                 Information
2018-12-01 17:18:58
  • Multiple Updates
2018-07-04 09:19:44
  • Multiple Updates
2018-06-02 09:18:28
  • Multiple Updates
2018-03-28 12:08:10
  • Multiple Updates
2017-07-31 21:21:53
  • Multiple Updates
2017-07-29 12:05:34
  • Multiple Updates
2017-07-26 13:24:47
  • First insertion