CVE-2017-9937

Priority
Description
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted
TIFF document can lead to an abort resulting in a remote denial of service
attack.
Notes
mdeslaurreported in libtiff, but issue lies in jbigkit
as of 2018-03-22, no fix available

this is a DoS only and is caused by the fact that jbigkit
handles failed memory allocations with abort(). (See
checked_malloc()). Fixing this properly would likely require
changing the library ABI.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):deferred (2018-03-22)
Ubuntu 16.04 LTS (Xenial Xerus):deferred (2018-03-22)
Ubuntu 18.04 LTS (Bionic Beaver):deferred (2018-03-22)
Ubuntu 19.04 (Disco Dingo):ignored (reached end-of-life)
Ubuntu 19.10 (Eoan Ermine):deferred (2018-03-22)
Ubuntu 20.04 (Focal Fossa):deferred (2018-03-22)
More Information

Updated: 2020-01-23 20:34:54 UTC (commit b4629892d998f2ede31f59bb7508dc50a92ac664)