Created an attachment (id=769)
testcase

on libtiff 4.0.7

The OJPEGReadHeaderInfoSecTablesQTable function in tif_ojpeg.c:1770 allows remote attackers to cause a denial of service (memory leak) via a crafted file.

#tiff2ps $FILE

=================================================================
==11260==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 73 byte(s) in 1 object(s) allocated from:
    #0 0x7f44f6f78bb8 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x45f0cd in _TIFFmalloc /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_unix.c:316
    #2 0x4af1c7 in OJPEGReadHeaderInfoSecTablesQTable /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_ojpeg.c:1770
    #3 0x4abe74 in OJPEGReadHeaderInfoSec /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_ojpeg.c:1360
    #4 0x4a8c93 in OJPEGReadHeaderInfo /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_ojpeg.c:1086
    #5 0x4a4fca in OJPEGPreDecode /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_ojpeg.c:674
    #6 0x452d6e in TIFFStartStrip /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_read.c:1023
    #7 0x450b02 in TIFFFillStrip /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_read.c:647
    #8 0x44ec16 in TIFFSeek /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_read.c:233
    #9 0x44efe1 in TIFFReadScanline /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_read.c:300
    #10 0x40bf41 in PSDataColorContig /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2ps.c:2449
    #11 0x40ba1d in PSpage /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2ps.c:2347
    #12 0x4087ce in TIFF2PS /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2ps.c:1606
    #13 0x40379a in main /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2ps.c:473
    #14 0x7f44f6184b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

SUMMARY: AddressSanitizer: 73 byte(s) leaked in 1 allocation(s).

testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-OJPEGReadHeaderInfoSecTablesQTable-tiff2ps-1.tif
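Added example, not part of the original report or of libtiff: a Python triage helper that parses a LeakSanitizer report like the one above and attributes each leak to the first frame that is not an allocator wrapper. The function names and the allocator list are assumptions of this example; the embedded report is an excerpt of the trace in this bug.

```python
import re

# Excerpt of the LeakSanitizer report from this bug (frames #4-#14 omitted).
REPORT = """\
==11260==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 73 byte(s) in 1 object(s) allocated from:
    #0 0x7f44f6f78bb8 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x45f0cd in _TIFFmalloc /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_unix.c:316
    #2 0x4af1c7 in OJPEGReadHeaderInfoSecTablesQTable /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_ojpeg.c:1770
    #3 0x4abe74 in OJPEGReadHeaderInfoSec /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_ojpeg.c:1360

SUMMARY: AddressSanitizer: 73 byte(s) leaked in 1 allocation(s).
"""

LEAK = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?)(?::(\d+))?(?::\d+)?$")
# Assumption: frames with these names are allocator wrappers, not the leak site.
ALLOCATORS = {"__interceptor_malloc", "__interceptor_calloc", "__interceptor_realloc",
              "malloc", "calloc", "realloc", "_TIFFmalloc", "_TIFFrealloc"}

def parse_leaks(report):
    """Return one dict per leak record, with frames as (function, path, line)."""
    leaks, current = [], None
    for line in report.splitlines():
        m = LEAK.match(line)
        if m:
            current = {"kind": m.group(1), "bytes": int(m.group(2)),
                       "objects": int(m.group(3)), "frames": []}
            leaks.append(current)
            continue
        f = FRAME.match(line)
        if f and current is not None:
            lineno = int(f.group(4)) if f.group(4) else None  # None for module+offset frames
            current["frames"].append((f.group(2), f.group(3), lineno))
        elif not line.strip():
            current = None  # a blank line ends the current stack
    return leaks

def leak_site(leak):
    """First non-allocator frame: the function that allocated and then lost the buffer."""
    for func, path, lineno in leak["frames"]:
        if func not in ALLOCATORS:
            return func, path.rsplit("/", 1)[-1], lineno
    return None

if __name__ == "__main__":
    for leak in parse_leaks(REPORT):
        print(leak["kind"], leak["bytes"], "bytes:", leak_site(leak))
```

Grouping reports by the `leak_site` tuple rather than by the raw stack keeps duplicate fuzzer findings from the same allocation site together.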
I can reproduce with 4.0.7, but no longer with CVS HEAD.
(In reply to comment #0)

Credit: ADLab of Venustech
For reference, this has been assigned CVE-2017-9404.