CVE-2017-9937: In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can...
6.5
Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The analysis is based on the vulnerability description and the detailed stack trace provided in the Bugzilla report (http://bugzilla.maptools.org/show_bug.cgi?id=2707). The vulnerability is a memory allocation failure in the libjbig
library, specifically in the jbg_dec_in
function. LibTIFF's JBIGDecode
function in tif_jbig.c
calls jbg_dec_in
. When a crafted TIFF file is processed, JBIGDecode
invokes jbg_dec_in
which then fails due to an attempt to allocate an excessive amount of memory, leading to a program abort and denial of service. The NVD description also points to tif_jbig.c
. Thus, JBIGDecode
is the primary LibTIFF function involved in triggering the vulnerability. TIFFReadEncodedStrip
is also included as it's a direct caller of JBIGDecode
in the exploit path shown in the stack trace.