CVE-2019-17546
Published: Oct 14, 2019
Modified: Dec 20, 2024
PUBLISHED
Description
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
x_refsource_MISC
[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update
mailing-list
x_refsource_MLIST
20200121 [SECURITY] [DSA 4608-1] tiff security update
mailing-list
x_refsource_BUGTRAQ
DSA-4608
vendor-advisory
x_refsource_DEBIAN
FEDORA-2020-2e9bd06377
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-6f1209bb45
vendor-advisory
x_refsource_FEDORA
GLSA-202003-25
vendor-advisory
x_refsource_GENTOO
[debian-lts-announce] 20200318 [SECURITY] [DLA 2147-1] gdal security update
mailing-list
x_refsource_MLIST
DSA-4670
vendor-advisory
x_refsource_DEBIAN