CVE-2017-16232

Summary

CVE	CVE-2017-16232
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-03-21 15:59:00 UTC
Updated	2023-11-07 02:40:00 UTC
Description	DISPUTED LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.

Risk And Classification

Problem Types: CWE-772

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Libtiff	Libtiff	4.0.8	All	All	All
Application	Libtiff	Libtiff	4.0.8	All	All	All
Operating System	Opensuse	Leap	42.2	All	All	All
Operating System	Opensuse	Leap	42.3	All	All	All
Operating System	Opensuse	Leap	42.2	All	All	All
Operating System	Opensuse	Leap	42.3	All	All	All
Operating System	Suse	Linux Enterprise Desktop	12	sp2	All	All
Operating System	Suse	Linux Enterprise Desktop	12	sp3	All	All
Operating System	Suse	Linux Enterprise Desktop	12	sp2	All	All
Operating System	Suse	Linux Enterprise Desktop	12	sp3	All	All
Operating System	Suse	Linux Enterprise Server	12	sp2	All	All
Operating System	Suse	Linux Enterprise Server	12	sp2	All	All
Operating System	Suse	Linux Enterprise Server	12	sp3	All	All
Operating System	Suse	Linux Enterprise Server	12	sp2	All	All
Operating System	Suse	Linux Enterprise Server	12	sp2	All	All
Operating System	Suse	Linux Enterprise Server	12	sp3	All	All
Operating System	Suse	Linux Enterprise Software Development Kit	12	sp2	All	All
Operating System	Suse	Linux Enterprise Software Development Kit	12	sp3	All	All
Operating System	Suse	Linux Enterprise Software Development Kit	12	sp2	All	All
Operating System	Suse	Linux Enterprise Software Development Kit	12	sp3	All	All

References

Reference	Source	Link	Tags
Full Disclosure: Re: LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)	MISC	seclists.org	Mailing List, Patch, Third Party Advisory
[security-announce] openSUSE-SU-2018:0097-1: important: Security update	MISC	lists.opensuse.org	Third Party Advisory
oss-security - CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks	MISC	www.openwall.com	Mailing List, Third Party Advisory
LibTIFF CVE-2017-16232 Multiple Local Memory Corruption Vulnerabilities	MISC	www.securityfocus.com	Third Party Advisory, VDB Entry
oss-security - Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks	MISC	www.openwall.com	Mailing List, Third Party Advisory
Full Disclosure: LibTIFF 4.0.8 has multiple memory leak vulnerabilities (CVE-2017-16232)	MISC	seclists.org	Mailing List, Patch, Third Party Advisory
oss-security - Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks	MISC	www.openwall.com	Mailing List, Third Party Advisory
[security-announce] SUSE-SU-2018:0073-1: important: Security update for	MISC	lists.opensuse.org	Third Party Advisory
oss-security - Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks	MISC	www.openwall.com	Mailing List, Third Party Advisory
LibTIFF 4.0.8 Memory Leak ≈ Packet Storm	MISC	packetstormsecurity.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

500696 Alpine Linux Security Update for tiff
504465 Alpine Linux Security Update for tiff
670306 EulerOS Security Update for compat-libtiff3 (EulerOS-SA-2021-1770)