[GHSA-7q7p-9gwx-6qr9] LibTIFF 4.0.7 has an "outside the range of representable... #5328

Crispy-fried-chicken · 2025-03-02T20:03:20Z

Updates

Affected products
Description
Summary

Comments
According to the description of the CVE-2017-7596, the affected version of the vulnerability is 4.0.7. However, based on the vulnerability code snippet, this vulnerability still exists in earlier versions, such as 4.0.4(https://github.com/libsdl-org/libtiff/blob/v4.0.4/libtiff/tif_dir.c). Please confirm. code sippet:

if( dblval < 0 )
goto badvaluedouble;
td->td_xresolution = (float) dblval;
break;
case TIFFTAG_YRESOLUTION:
dblval = va_arg(ap, double);
if( dblval < 0 )
goto badvaluedouble;
td->td_yresolution = (float) dblval;
break;
case TIFFTAG_PLANARCONFIG:
v = (uint16) va_arg(ap, uint16_vap);
if (v != PLANARCONFIG_CONTIG && v != PLANARCONFIG_SEPARATE)
goto badvalue;
td->td_planarconfig = (uint16) v;
break;

thank you!

shelbyc · 2025-03-03T13:25:31Z

Closed per #5327 (comment)

Improve GHSA-7q7p-9gwx-6qr9

5978c9e

github-actions bot changed the base branch from main to Crispy-fried-chicken/advisory-improvement-5328 March 2, 2025 20:04

shelbyc closed this Mar 3, 2025

github-actions bot deleted the Crispy-fried-chicken-GHSA-7q7p-9gwx-6qr9 branch March 3, 2025 13:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-7q7p-9gwx-6qr9] LibTIFF 4.0.7 has an "outside the range of representable... #5328

[GHSA-7q7p-9gwx-6qr9] LibTIFF 4.0.7 has an "outside the range of representable... #5328

Crispy-fried-chicken commented Mar 2, 2025

shelbyc commented Mar 3, 2025

[GHSA-7q7p-9gwx-6qr9] LibTIFF 4.0.7 has an "outside the range of representable... #5328

[GHSA-7q7p-9gwx-6qr9] LibTIFF 4.0.7 has an "outside the range of representable... #5328

Conversation

Crispy-fried-chicken commented Mar 2, 2025

shelbyc commented Mar 3, 2025