Source: jbigkit Version: 2.1-3.1 Severity: important Tags: upstream security
Hi, the following vulnerability was published for jbigkit. CVE-2017-9937[0]: | In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A | crafted TIFF document can lead to an abort resulting in a remote denial | of service attack. Note, that originally the issue has been reported for LibTIFF project, [1], but as shown in [2] the issue lies in jbigkit itself. It can be seen either with an ASAN build, or under valgrind: ==10811== Memcheck, a memory error detector ==10811== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==10811== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info ==10811== Command: ./jbigkit-2.1/pbmtools/jbgtopbm ./poc2_only_jbig_content ==10811== ==10811== ==10811== Process terminating with default action of signal 6 (SIGABRT) ==10811== at 0x5078FCF: raise (raise.c:51) ==10811== by 0x507A3F9: abort (abort.c:89) ==10811== by 0x4E3944C: ??? (in /usr/lib/x86_64-linux-gnu/libjbig.so.0) ==10811== by 0x4E3EB79: jbg_dec_in (in /usr/lib/x86_64-linux-gnu/libjbig.so.0) ==10811== by 0x109233: main (jbgtopbm.c:407) ==10811== ==10811== HEAP SUMMARY: ==10811== in use at exit: 17,192 bytes in 14 blocks ==10811== total heap usage: 15 allocs, 1 frees, 21,288 bytes allocated ==10811== ==10811== LEAK SUMMARY: ==10811== definitely lost: 0 bytes in 0 blocks ==10811== indirectly lost: 0 bytes in 0 blocks ==10811== possibly lost: 0 bytes in 0 blocks ==10811== still reachable: 17,192 bytes in 14 blocks ==10811== suppressed: 0 bytes in 0 blocks ==10811== Rerun with --leak-check=full to see details of leaked memory ==10811== ==10811== For counts of detected and suppressed errors, rerun with: -v ==10811== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) Aborted If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9937 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9937 [1] http://bugzilla.maptools.org/show_bug.cgi?id=2707 [2] http://bugzilla.maptools.org/show_bug.cgi?id=2707#c8 Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
