~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2017-5849
PublicDate: 2017-03-15
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5849
 http://www.openwall.com/lists/oss-security/2017/02/02/2
Description:
 tifftopnm in netpbm 10.47.63 does not properly use the libtiff
 TIFFRGBAImageGet function, which allows remote attackers to cause a denial
 of service (out-of-bounds read and write) via a crafted tiff image file,
 related to transposing width and height values.
Ubuntu-Description:
Notes:
 mdeslaur> Debian and Ubuntu use a netpbm fork which does not contain the
 mdeslaur> issue. See here:
 mdeslaur> http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853997
 http://bugzilla.maptools.org/show_bug.cgi?id=2654
 http://bugzilla.maptools.org/show_bug.cgi?id=2655
Priority: medium
Discovered-by:
Assigned-to:

Patches_netpbm-free:
upstream_netpbm-free: needed
precise_netpbm-free: not-affected
trusty_netpbm-free: not-affected
vivid/stable-phone-overlay_netpbm-free: DNE
vivid/ubuntu-core_netpbm-free: DNE
xenial_netpbm-free: not-affected
yakkety_netpbm-free: not-affected
devel_netpbm-free: not-affected