vulnerability
Arch Linux: Denial of service (CVE-2017-11613)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Jul 26, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jul 26, 2017
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
In LibTIFF before 4.0.10, there is a denial of service vulnerability in the TIFFOpen function triggered by resource consumption via crafted input files. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
Solution
arch-linux-upgrade-latest
References
- CVE-2017-11613
- https://attackerkb.com/topics/CVE-2017-11613
- URL-http://www.securityfocus.com/bid/99977
- URL-https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
- URL-https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html
- URL-https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html
- URL-https://security.archlinux.org/ASA-201811-17
- URL-https://security.archlinux.org/ASA-201811-18
- URL-https://usn.ubuntu.com/3606-1/
- URL-https://www.debian.org/security/2018/dsa-4349
- CWE-20
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.