Message-ID: <alpine.GSO.2.20.1711010952290.14662@scrappy.simplesystems.org>
Date: Wed, 1 Nov 2017 09:59:42 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE-2017-16231: PCRE 8.41 match() stack overflow;
 CVE-2017-16232: LibTIFF 4.0.8 memory leaks

On Wed, 1 Nov 2017, ???? wrote:
>
>> [Suggested description]
>> LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
>> attackers to cause a denial of service (memory consumption), as demonstrated
>> by tif_open.c, tif_lzw.c, and tif_aux.c
>>
>> ------------------------------------------
>>
>> [Additional Information]
>> /tiff2bw ../../../../libtiff_4.0.8_afl/2bw_output/crashes/poc.tif 222.tif

I am not seeing any memory leak vulnerability.  I do see that tiff2bw 
made no attempt to release any memory at all (not strictly required 
for a utility since memory is released when it quits).  I have 
modified the code in the development CVS version to release memory to 
satisfy memory checkers.

>
> Use CVE-2017-16232.

This is a memory-based DoS issue within tiff2bw itself (not directly
inside libtiff).  TIFF files using LZW compression can achieve a very
high compression ratio so it can be difficult to predict if a file's
pixel dimensions are bogus or not.  Valid files also pose a DoS
opportunity.  There are no arbitrary limits imposed within tiff2bw.

Bob
-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
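As an added illustration of the kind of size limit the reply says tiff2bw lacks (example code, not from libtiff or from the message above): an overflow-safe check of how much memory the declared pixel dimensions would need, run before any buffer is allocated. The function names, the 256 MiB cap and the sample header values are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cap on the decoded-pixel buffer a command-line tool will
 * allocate (256 MiB). A real tool would make this configurable. */
#define DEFAULT_PIXEL_LIMIT ((uint64_t)256 * 1024 * 1024)

/* Multiply without overflow; false if the product does not fit in uint64_t. */
static bool mul_u64(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Bytes needed for width x height pixels with samples_per_pixel channels of
 * bits_per_sample bits each. Returns true and stores the size only if it is
 * representable and no larger than limit. The header fields are untrusted:
 * an LZW-compressed file can declare dimensions far beyond its own size. */
bool decoded_size_ok(uint32_t width, uint32_t height,
                     uint16_t samples_per_pixel, uint16_t bits_per_sample,
                     uint64_t limit, size_t *needed)
{
    uint64_t pixels, bits, bytes;

    if (width == 0 || height == 0 || samples_per_pixel == 0 || bits_per_sample == 0)
        return false;
    if (!mul_u64(width, height, &pixels))
        return false;
    if (!mul_u64(pixels, (uint64_t)samples_per_pixel * bits_per_sample, &bits))
        return false;
    if (bits > UINT64_MAX - 7)          /* rounding up would overflow */
        return false;
    bytes = (bits + 7) / 8;             /* round up to whole bytes */
    if (bytes > limit || bytes > (uint64_t)SIZE_MAX)
        return false;
    *needed = (size_t)bytes;
    return true;
}

int main(void)
{
    size_t n;
    /* Constructed header values: a plausible image and a bogus one. */
    if (decoded_size_ok(4096, 4096, 3, 8, DEFAULT_PIXEL_LIMIT, &n))
        printf("4096x4096 RGB8 needs %zu bytes: allocate\n", n);
    if (!decoded_size_ok(0xFFFFFFFFu, 0xFFFFFFFFu, 3, 8, DEFAULT_PIXEL_LIMIT, &n))
        printf("bogus dimensions rejected before allocation\n");
    return 0;
}
```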
