what you don't know can hurt you

LibTIFF 4.0.8 Memory Leak

LibTIFF 4.0.8 Memory Leak
Posted Dec 21, 2018
Authored by Jiawang Zhang

LibTIFF version 4.0.8 suffers from multiple memory leak vulnerabilities.

tags | advisory, vulnerability, memory leak, info disclosure
advisories | CVE-2017-16232
MD5 | 503f0927a50cb910585dab9890fa2f1b

LibTIFF 4.0.8 Memory Leak

Change Mirror Download
#CVE-2017-16232
# LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)
## Product Download: http://www.libtiff.org/ http://download.osgeo.org/libtiff/
## Vulnerability TypePSomemory leak
## Attack Type : local
## Vulnerability Description
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
attackers to cause a denial of service (memory consumption), as demonstrated
by tif_open.c, tif_lzw.c, and tif_aux.c
## POC
https://github.com/followboy1999/poc/tree/master/CVE-2017-16232

./tiff2bw libtiff_poc.tif 222.tif
LZWDecode: Not enough data at scanline 0 (short 6442443006 bytes).
> /usr/local/bin/llvm-symbolizer: /lib/x86_64-linux-gnu/libtinfo.so.5: no version information available (required by /usr/local/bin/llvm-symbolizer)
>
> =================================================================
> ==25328==ERROR: LeakSanitizer: detected memory leaks
>
> Direct leak of 6442451106 byte(s) in 1 object(s) allocated from:
> #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
> #1 0x4e88be in main /home/zzt/Fuzzing/Victims/ASAN/tiff-4.0.8/tools/tiff2bw.c:258:28
> #2 0x7f293f0fdabf in __libc_start_main /build/glibc-qbmteM/glibc-2.21/csu/libc-start.c:289
>
> Direct leak of 1137 byte(s) in 1 object(s) allocated from:
> #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
> #1 0x54d6b6 in TIFFClientOpen /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_open.c:119
>
> Indirect leak of 81904 byte(s) in 1 object(s) allocated from:
> #0 0x4bbfd3 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
> #1 0x5ea2e9 in LZWSetupDecode /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_lzw.c:232
>
> Indirect leak of 2273 byte(s) in 5 object(s) allocated from:
> #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
> #1 0x56f5db in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73
> #2 0x56f5db in _TIFFCheckMalloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:88
>
> Indirect leak of 1240 byte(s) in 2 object(s) allocated from:
> #0 0x4bc3d7 in realloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:98:3
> #1 0x56f430 in _TIFFCheckRealloc /home/zzt/Fuzzing/Victims/tiff-4.0.8/libtiff/tif_aux.c:73

## Versions:LibTIFF 4.0.8
## Impact:Denial of Service
## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC)
## References
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232
https://github.com/shelltdf/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close