CVE-2017-16232
Low
CVSS Score
Vulnerability Description
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.
Known Affected Software
6 configuration(s) from 3 vendor(s)
- libtiff, Version: 4.0.8, CPE: cpe:2.3:a:libtiff:libtiff:4.0.8:*:*:*:*:*:*:*
- leap, Version: 42.3, CPE: cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- leap, Version: 42.2, CPE: cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- linux_enterprise_server, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
- linux_enterprise_desktop, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
- linux_enterprise_software_development_kit, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
This vulnerability affects 6 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html (cve@mitre.org; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html (cve@mitre.org; Third Party Advisory)
- http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html (cve@mitre.org; Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2018/Dec/32 (cve@mitre.org; Mailing List, Patch, Third Party Advisory)
- http://seclists.org/fulldisclosure/2018/Dec/47 (cve@mitre.org; Mailing List, Patch, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2017/11/01/11 (cve@mitre.org; Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2017/11/01/3 (cve@mitre.org; Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2017/11/01/7 (cve@mitre.org; Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2017/11/01/8 (cve@mitre.org; Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/101696 (cve@mitre.org; Third Party Advisory, VDB Entry)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-772
Missing Release of Resource after Effective Lifetime
- Description: The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
- Exploit Likelihood: High
- Typical Severity: Medium
- Abstraction Level: Base
Key Information
- Published Date: March 21, 2019
