CVE-2017-16232

** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:libtiff:libtiff:4.0.8:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-21 15:59

Updated : 2024-08-05 21:15


NVD link : CVE-2017-16232

Mitre link : CVE-2017-16232

CVE.ORG link : CVE-2017-16232


JSON object : View

Products Affected

opensuse

  • leap

suse

  • linux_enterprise_server
  • linux_enterprise_software_development_kit
  • linux_enterprise_desktop

libtiff

  • libtiff
CWE
CWE-772

Missing Release of Resource after Effective Lifetime