tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, contains an integer overflow that can lead to a heap-based buffer overflow when a crafted RGBA image is processed; the fault is reported as a "Negative-size-param" condition.
[
{
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://gitlab.com/libtiff/libtiff@4bb584a35f87af42d6cf09d15e9ce8909a839145",
"id": "CVE-2019-17546-499630d3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50314255360075743381370618226419040168",
"147996042684394466160825238031173201932",
"216347886479888333818319963431058946958",
"227259134274644909625055913232180722396",
"335055123248748600498409573556097424624",
"232390112080550266351072681456527729521",
"124832025051980472152268608687821976930",
"296267870577168117343331050571176273226",
"337715400079420704174535570240020153182",
"322808233241505110111029296080694483084",
"122663479745365734742884887075693943877",
"249104452817868856920817106440107819819",
"7556717118070044593443244902210155604",
"155176244704659496108262440467802971582",
"50314255360075743381370618226419040168",
"147996042684394466160825238031173201932",
"216347886479888333818319963431058946958",
"44877419740658826471618855814233595805",
"20934612387377722595252555647733985242",
"327544897504680952593502840045474641223",
"21017194213035054831474866045044483846",
"48729565223660970023887123425793524932",
"71587689631004948328055076545244766774",
"23937619777270361079955471568415795413",
"225754318235825313006360146876557465974",
"31248908127199979053914006728083293434",
"137790553370280051313268943005354097938",
"46370810345324251263374688046739462884",
"24746752993132862047395894286621218117",
"251438209822123282319113162913010255185",
"304447688590098546357830929786587490686",
"218711519559321624260111420343643373675",
"93325942034544067608272313779025820146",
"170575637538178577789931250198818110871",
"115517165682863422386747204092925360829",
"298969664572829983949848455592094136710",
"334012906058280202115615622509615934641",
"83093465928984669926061122649559258316",
"336101662206477233547312587674674748788",
"29357346722681675610186019431767771351",
"173838915507603890673395450538174543811",
"216214198718225440991872379479221614996",
"146915746041639131815056362637438619292"
]
},
"target": {
"file": "libtiff/tif_getimage.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://gitlab.com/libtiff/libtiff@4bb584a35f87af42d6cf09d15e9ce8909a839145",
"id": "CVE-2019-17546-9b07e6d7",
"digest": {
"function_hash": "78016007190319347124015370103188596731",
"length": 3032.0
},
"target": {
"function": "gtStripSeparate",
"file": "libtiff/tif_getimage.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://gitlab.com/libtiff/libtiff@4bb584a35f87af42d6cf09d15e9ce8909a839145",
"id": "CVE-2019-17546-c3467aaa",
"digest": {
"function_hash": "47315715725916741801927560306563235140",
"length": 1887.0
},
"target": {
"function": "gtStripContig",
"file": "libtiff/tif_getimage.c"
}
}
]
[
{
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/osgeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf",
"id": "CVE-2019-17546-0f3c33e8",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50314255360075743381370618226419040168",
"147996042684394466160825238031173201932",
"216347886479888333818319963431058946958",
"227259134274644909625055913232180722396",
"335055123248748600498409573556097424624",
"232390112080550266351072681456527729521",
"124832025051980472152268608687821976930",
"296267870577168117343331050571176273226",
"337715400079420704174535570240020153182",
"322808233241505110111029296080694483084",
"122663479745365734742884887075693943877",
"249104452817868856920817106440107819819",
"7556717118070044593443244902210155604",
"155176244704659496108262440467802971582",
"50314255360075743381370618226419040168",
"147996042684394466160825238031173201932",
"216347886479888333818319963431058946958",
"44877419740658826471618855814233595805",
"20934612387377722595252555647733985242",
"327544897504680952593502840045474641223",
"21017194213035054831474866045044483846",
"48729565223660970023887123425793524932",
"71587689631004948328055076545244766774",
"23937619777270361079955471568415795413",
"225754318235825313006360146876557465974",
"31248908127199979053914006728083293434",
"137790553370280051313268943005354097938",
"46370810345324251263374688046739462884",
"24746752993132862047395894286621218117",
"251438209822123282319113162913010255185",
"304447688590098546357830929786587490686",
"218711519559321624260111420343643373675",
"93325942034544067608272313779025820146",
"170575637538178577789931250198818110871",
"115517165682863422386747204092925360829",
"298969664572829983949848455592094136710",
"334012906058280202115615622509615934641",
"83093465928984669926061122649559258316",
"336101662206477233547312587674674748788",
"29357346722681675610186019431767771351",
"173838915507603890673395450538174543811",
"216214198718225440991872379479221614996",
"146915746041639131815056362637438619292"
]
},
"target": {
"file": "gdal/frmts/gtiff/libtiff/tif_getimage.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/osgeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf",
"id": "CVE-2019-17546-619747a3",
"digest": {
"function_hash": "78016007190319347124015370103188596731",
"length": 3032.0
},
"target": {
"function": "gtStripSeparate",
"file": "gdal/frmts/gtiff/libtiff/tif_getimage.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/osgeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf",
"id": "CVE-2019-17546-9be222d2",
"digest": {
"function_hash": "47315715725916741801927560306563235140",
"length": 1887.0
},
"target": {
"function": "gtStripContig",
"file": "gdal/frmts/gtiff/libtiff/tif_getimage.c"
}
}
]