header-logo
Suggest Exploit
vendor:
TIFF2PS/TIFF2PDF
by:
OWL337
7,5
CVSS
HIGH
Memory Leak
401
CWE
Product Name: TIFF2PS/TIFF2PDF
Affected Version From: <=4.0.8
Affected Version To: <=4.0.8
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Memory Leak in TIFF2PS/TIFF2PDF

A memory leak vulnerability was discovered in TIFF2PS/TIFF2PDF, which is triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”. The asan debug information shows that 1792 bytes in 7 objects and 170491316224 bytes in 223 objects were leaked. This vulnerability affects versions <=4.0.8.

Mitigation:

Upgrade to the latest version of TIFF2PS/TIFF2PDF.
Source

Exploit-DB raw data:

Source: http://bugzilla.maptools.org/show_bug.cgi?id=2706

Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”

Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”

The asan debug information is below:

$./tiff2ps $POC  


=================================================================
==26627==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1792 byte(s) in 7 object(s) allocated from:
    #0 0x7f7c4f1a19aa in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f7c4dca72fd  (/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd)
    #2 0x3ea  (<unknown module>)

Indirect leak of 170491316224 byte(s) in 223 object(s) allocated from:
    #0 0x7f7c4f1a19aa in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f7c4dca72fd  (/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd)
    #2 0x3ea  (<unknown module>)

SUMMARY: AddressSanitizer: 170491318016 byte(s) leaked in 230 allocation(s).


Affected version:
<=the Latest version (4.0.8)


Credits:

This vulnerability is detected by team OWL337, with our custom fuzzer coll AFL.
Please contact ganshuitao@gmail.com  and chaoz@tsinghua.edu.cn if you need more
info about the team, the tool or the vulnerability.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42300.zip

Navigation

Suggest Exploit

Services By CQR