{"id":"CVE-2019-17546","details":"tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition.","modified":"2026-04-16T04:32:50.032279266Z","published":"2019-10-14T02:15:11.107Z","related":["ALSA-2020:4634","SUSE-SU-2022:0480-1","SUSE-SU-2022:0496-1","openSUSE-SU-2022:0480-1","openSUSE-SU-2024:13381-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2020/Jan/32"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241220-0007/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-25"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4608"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4670"},{"type":"FIX","url":"https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf"},{"type":"FIX","url":"https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/osgeo/gdal","events":[{"introduced":"0"},{"last_affected":"df36f287cc9df9e2be176c41971f110cc2f18cd7"},{"fixed":"21674033ee246f698887604c7af7ba1962a40ddf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0.1"}]}},{"type":"GIT","repo":"https://gitlab.com/libtiff/libtiff","events":[{"introduced":"0"},{"fixed":"e0d707dc1524d8c0e20f03396f234e0f1b07b3f4"},{"fixed":"4bb584a35f87af42d6cf09d15e9ce8909a839145"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.1.0"}]}}],"versions":["v2.3.0beta1","v2.4.0","v3.0.0","v3.0.1","v3.5.3","v3.5.4","v3.5.5","v3.5.7","v3.6.0","v3.6.0beta2","v3.6.1","v3.7.0","v3.7.0alpha","v3.7.0beta","v3.7.0beta2","v3.7.1","v3.7.2","v3.7.3","v3.7.4","v3.8.0","v3.8.1","v3.8.2","v4.0.0","v4.0.0alpha","v4.0.0alpha4","v4.0.0alpha5","v4.0.0alpha6","v4.0.0beta7","v4.0.1","v4.0.10","v4.0.2","v4.0.3","v4.0.4","v4.0.4beta","v4.0.5","v4.0.6","v4.0.7","v4.0.8","v4.0.9"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:42:22Z","vanir_signatures":[{"signature_version":"v1","target":{"file":"gdal/frmts/gtiff/libtiff/tif_getimage.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["50314255360075743381370618226419040168","147996042684394466160825238031173201932","216347886479888333818319963431058946958","227259134274644909625055913232180722396","335055123248748600498409573556097424624","232390112080550266351072681456527729521","124832025051980472152268608687821976930","296267870577168117343331050571176273226","337715400079420704174535570240020153182","322808233241505110111029296080694483084","122663479745365734742884887075693943877","249104452817868856920817106440107819819","7556717118070044593443244902210155604","155176244704659496108262440467802971582","50314255360075743381370618226419040168","147996042684394466160825238031173201932","216347886479888333818319963431058946958","44877419740658826471618855814233595805","20934612387377722595252555647733985242","327544897504680952593502840045474641223","21017194213035054831474866045044483846","48729565223660970023887123425793524932","71587689631004948328055076545244766774","23937619777270361079955471568415795413","225754318235825313006360146876557465974","31248908127199979053914006728083293434","137790553370280051313268943005354097938","46370810345324251263374688046739462884","24746752993132862047395894286621218117","251438209822123282319113162913010255185","304447688590098546357830929786587490686","218711519559321624260111420343643373675","93325942034544067608272313779025820146","170575637538178577789931250198818110871","115517165682863422386747204092925360829","298969664572829983949848455592094136710","334012906058280202115615622509615934641","83093465928984669926061122649559258316","336101662206477233547312587674674748788","29357346722681675610186019431767771351","173838915507603890673395450538174543811","216214198718225440991872379479221614996","146915746041639131815056362637438619292"]},"id":"CVE-2019-17546-0f3c33e8","source":"https://github.com/osgeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf","deprecated":false},{"signature_version":"v1","target":{"file":"libtiff/tif_getimage.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["50314255360075743381370618226419040168","147996042684394466160825238031173201932","216347886479888333818319963431058946958","227259134274644909625055913232180722396","335055123248748600498409573556097424624","232390112080550266351072681456527729521","124832025051980472152268608687821976930","296267870577168117343331050571176273226","337715400079420704174535570240020153182","322808233241505110111029296080694483084","122663479745365734742884887075693943877","249104452817868856920817106440107819819","7556717118070044593443244902210155604","155176244704659496108262440467802971582","50314255360075743381370618226419040168","147996042684394466160825238031173201932","216347886479888333818319963431058946958","44877419740658826471618855814233595805","20934612387377722595252555647733985242","327544897504680952593502840045474641223","21017194213035054831474866045044483846","48729565223660970023887123425793524932","71587689631004948328055076545244766774","23937619777270361079955471568415795413","225754318235825313006360146876557465974","31248908127199979053914006728083293434","137790553370280051313268943005354097938","46370810345324251263374688046739462884","24746752993132862047395894286621218117","251438209822123282319113162913010255185","304447688590098546357830929786587490686","218711519559321624260111420343643373675","93325942034544067608272313779025820146","170575637538178577789931250198818110871","115517165682863422386747204092925360829","298969664572829983949848455592094136710","334012906058280202115615622509615934641","83093465928984669926061122649559258316","336101662206477233547312587674674748788","29357346722681675610186019431767771351","173838915507603890673395450538174543811","216214198718225440991872379479221614996","146915746041639131815056362637438619292"]},"id":"CVE-2019-17546-499630d3","source":"https://gitlab.com/libtiff/libtiff@4bb584a35f87af42d6cf09d15e9ce8909a839145","deprecated":false},{"signature_version":"v1","signature_type":"Function","target":{"function":"gtStripSeparate","file":"gdal/frmts/gtiff/libtiff/tif_getimage.c"},"digest":{"length":3032,"function_hash":"78016007190319347124015370103188596731"},"id":"CVE-2019-17546-619747a3","source":"https://github.com/osgeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf","deprecated":false},{"signature_version":"v1","target":{"function":"gtStripSeparate","file":"libtiff/tif_getimage.c"},"signature_type":"Function","digest":{"length":3032,"function_hash":"78016007190319347124015370103188596731"},"id":"CVE-2019-17546-9b07e6d7","source":"https://gitlab.com/libtiff/libtiff@4bb584a35f87af42d6cf09d15e9ce8909a839145","deprecated":false},{"signature_version":"v1","target":{"function":"gtStripContig","file":"gdal/frmts/gtiff/libtiff/tif_getimage.c"},"signature_type":"Function","digest":{"length":1887,"function_hash":"47315715725916741801927560306563235140"},"id":"CVE-2019-17546-9be222d2","source":"https://github.com/osgeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf","deprecated":false},{"signature_version":"v1","target":{"function":"gtStripContig","file":"libtiff/tif_getimage.c"},"signature_type":"Function","digest":{"length":1887,"function_hash":"47315715725916741801927560306563235140"},"id":"CVE-2019-17546-c3467aaa","source":"https://gitlab.com/libtiff/libtiff@4bb584a35f87af42d6cf09d15e9ce8909a839145","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17546.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}