Bug 2706 - CVE-2017-9936: There is a memory leak in tif_jbig.c of the libtiff library.
Status: RESOLVED FIXED
Product: libtiff
Component: default
Version: unspecified
Platform: PC Windows NT
Importance: P1 blocker
Target Milestone: ---
Reported: 2017-06-26 03:24 by
Modified: 2017-06-30 10:29


Attachments
Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC” (2.43 KB, application/octet-stream)
2017-06-26 03:24, owl337




Description From 2017-06-26 03:24:38
Created an attachment (id=790)
Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”

Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”

The ASan debug information is below:

$ ./tiff2ps $POC


=================================================================
==26627==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1792 byte(s) in 7 object(s) allocated from:
    #0 0x7f7c4f1a19aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f7c4dca72fd  (/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd)
    #2 0x3ea  (<unknown module>)

Indirect leak of 170491316224 byte(s) in 223 object(s) allocated from:
    #0 0x7f7c4f1a19aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f7c4dca72fd  (/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd)
    #2 0x3ea  (<unknown module>)

SUMMARY: AddressSanitizer: 170491318016 byte(s) leaked in 230 allocation(s).


Affected version:
<= the latest version (4.0.8)


Credits:

This vulnerability was detected by team OWL337 with our custom fuzzer collAFL.
Please contact ganshuitao@gmail.com and chaoz@tsinghua.edu.cn if you need more
info about the team, the tool or the vulnerability.
------- Comment #1 From 2017-06-26 10:20:07 -------
Fixed per

2017-06-26  Even Rouault <even.rouault at spatialys.com>

        * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
        Reported by team OWL337

/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1254; previous revision: 1.1253
/cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v  <--  libtiff/tif_jbig.c
new revision: 1.16; previous revision: 1.15
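Added example, not code from this bug or from libtiff: a self-contained C model of the leak class the ChangeLog entry above describes, a decoder state allocated up front and then abandoned by an early return on a decode error, shown beside the shape that frees on every exit path. The model_* functions are constructed stand-ins for libjbig's jbg_dec_init/jbg_dec_in/jbg_dec_free (names taken from that library, not from this page), and live_allocs plays the role of LeakSanitizer's outstanding-allocation count so the leak is observable without ASan.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the libjbig decoder state that JBIGDecode() drives:
 * init allocates, in() consumes a chunk of stream, free() releases. */
enum { MODEL_EOK = 0, MODEL_EINVAL = 1 };
typedef struct { unsigned char *buf; size_t len; } model_dec_t;
static int live_allocs = 0;  /* outstanding allocations, as LeakSanitizer counts them */

static void model_dec_init(model_dec_t *d) {
    d->len = 16;
    d->buf = malloc(d->len);
    if (d->buf) live_allocs++;
}
static int model_dec_in(model_dec_t *d, const unsigned char *data, size_t n) {
    /* Constructed rule: a stream that does not start with 0x00 is malformed. */
    if (!d->buf || n == 0 || data[0] != 0x00) return MODEL_EINVAL;
    memcpy(d->buf, data, n < d->len ? n : d->len);
    return MODEL_EOK;
}
static void model_dec_free(model_dec_t *d) {
    if (d->buf) { free(d->buf); d->buf = NULL; live_allocs--; }
}

/* Leaky shape: the error branch returns before releasing the decoder state. */
int decode_leaky(const unsigned char *data, size_t n) {
    model_dec_t d;
    model_dec_init(&d);
    if (model_dec_in(&d, data, n) != MODEL_EOK)
        return 0;  /* BUG: d.buf is never freed on this path */
    model_dec_free(&d);
    return 1;
}

/* Fixed shape: every exit path releases what init allocated. */
int decode_fixed(const unsigned char *data, size_t n) {
    model_dec_t d;
    model_dec_init(&d);
    int ok = (model_dec_in(&d, data, n) == MODEL_EOK);
    model_dec_free(&d);  /* runs on success and on error alike */
    return ok;
}
/* Number of allocations still outstanding after one decode of `data`. */
int leaked_after(int (*decode)(const unsigned char *, size_t),
                 const unsigned char *data, size_t n) {
    live_allocs = 0;
    decode(data, n);
    return live_allocs;
}
```

Feeding a malformed chunk to decode_leaky leaves one allocation outstanding per call, which is how a fuzzer looping over rejected inputs turns a single missed free into the multi-object leak report above.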
------- Comment #2 From 2017-06-27 01:59:04 -------
CVE-2017-9936 has been assigned for this.