{ "containers": { "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-30T12:06:14.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443" }, { "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" }, { "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/32" }, { "name": "DSA-4608", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4608" }, { "name": "FEDORA-2020-2e9bd06377", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/" }, { "name": "FEDORA-2020-6f1209bb45", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/" }, { "name": "GLSA-202003-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-25" }, { "name": "[debian-lts-announce] 20200318 [SECURITY] [DLA 2147-1] gdal security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html" }, { "name": "DSA-4670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4670" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17546", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf", "refsource": "MISC", "url": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf" }, { "name": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145", "refsource": "MISC", "url": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443" }, { "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" }, { "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/32" }, { "name": "DSA-4608", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4608" }, { "name": "FEDORA-2020-2e9bd06377", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/" }, { "name": "FEDORA-2020-6f1209bb45", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/" }, { "name": "GLSA-202003-25", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-25" }, { "name": "[debian-lts-announce] 20200318 [SECURITY] [DLA 2147-1] gdal security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html" }, { "name": "DSA-4670", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4670" } ] } } }, "adp": [ { "title": "CVE Program Container", "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443" }, { "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" }, { "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/32" }, { "name": "DSA-4608", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4608" }, { "name": "FEDORA-2020-2e9bd06377", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/" }, { "name": "FEDORA-2020-6f1209bb45", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/" }, { "name": "GLSA-202003-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-25" }, { "name": "[debian-lts-announce] 20200318 [SECURITY] [DLA 2147-1] gdal security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html" }, { "name": "DSA-4670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4670" }, { "url": "https://security.netapp.com/advisory/ntap-20241220-0007/" } ], "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-20T13:06:38.532Z" } } ] }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17546", "datePublished": "2019-10-14T01:07:02.000Z", "dateReserved": "2019-10-14T00:00:00.000Z", "dateUpdated": "2024-12-20T13:06:38.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }