Main Vulnerability Database SB2017042525

SB2017042525 - Input validation error in tiff (Alpine package)

Published: April 25, 2017

Security Bulletin ID SB2017042525

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2017-7596)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=ea14bc786962a30f943aea7ceceb4804f7b5ec9a
https://git.alpinelinux.org/aports/commit/?id=6fc5e083a79961213cb7151c39372e5dee115a45
https://git.alpinelinux.org/aports/commit/?id=b782af4d8b8c365ef6b066128f905e5ba580cc5b
https://git.alpinelinux.org/aports/commit/?id=f27c940eb7d081d6b511176fe4e0a8c1b131a2de
https://git.alpinelinux.org/aports/commit/?id=ff2e7d109f90f775c735acb314bf37b0008f428c
https://git.alpinelinux.org/aports/commit/?id=09b187444459efedfd8a766c4883fcd6867d203d
https://git.alpinelinux.org/aports/commit/?id=018ecfdea887aa04eb330fe2210c4846a8a38653
https://git.alpinelinux.org/aports/commit/?id=4a95ad60e8095c301cba376cf24886a801e34261
https://git.alpinelinux.org/aports/commit/?id=b39c44a524a6e619c9858717cca0a65e6c2e5873
https://git.alpinelinux.org/aports/commit/?id=dd8f891e03d6c9f13592cb40f786b4528af87e68
https://git.alpinelinux.org/aports/commit/?id=e15563722661317524ce09b3698bdb765f165d9b