CVE-2017-14528

Priority
Description
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has
incorrect expectations about whether LibTIFF TIFFGetField return values
imply that data validation has occurred, which allows remote attackers to
cause a denial of service (use-after-free after an invalid call to
TIFFSetField, and application crash) via a crafted file.
Notes
mdeslaur: code not present in jessie
fix not identified as of 2020-01-06
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was deferred [2020-01-06])
Ubuntu 16.04 LTS (Xenial Xerus): deferred (2020-01-06)
Ubuntu 18.04 LTS (Bionic Beaver): deferred (2020-01-06)
Ubuntu 19.04 (Disco Dingo): not-affected (8:6.9.10.8+dfsg-1ubuntu2)
Ubuntu 19.10 (Eoan Ermine): not-affected (8:6.9.10.8+dfsg-1ubuntu2)
Ubuntu 20.04 (Focal Fossa): not-affected (8:6.9.10.8+dfsg-1ubuntu2)
Updated: 2020-01-21 15:14:26 UTC (commit 6f3abd9fda7c8f7e1d80211a7123eea5ed31f521)