Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
00117-libtiff-outside-short-tif_dirwrite
README.md

README.md

CVE/EDB ID

CVE-2017-7599

Experiment Environment

Ubuntu 14.04.5

INSTALL and Configuration

http://www.libtiff.org/build.html

Problems in Installation and Configuration

n/a

How to trigger vulnerability

tiffcp -i $FILE /tmp/foo

PoC

Inside the folder

Vulnerability Details and Patch

Root Cause

n/a

Stack Trace

runtime error: value 65280 is outside the range of representable values of type 'short'

Patch

https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490

References

https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes/

You can’t perform that action at this time.