
CVE-2017-11335

Published: 17/07/2017 Updated: 22/03/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

There is a heap-based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8, reachable through a PlanarConfig=Contig image, that causes an out-of-bounds write of more than one hundred bytes (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service or arbitrary code execution. The affected component is the tiff2pdf command-line tool, so in practice the attacker must get a user to convert the crafted file with tiff2pdf.
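The bug class behind this entry is a decoder writing decompressed strip data into a heap buffer that was sized from image metadata, with nothing stopping the decoder once the buffer is full. The following C program is an added illustration, not LibTIFF or tiff2pdf code: the struct strip_hdr fields, the toy run-length decoder standing in for ZIPDecode, and the sample strips are all constructed for the example. It sizes a strip buffer the way a PlanarConfig=Contig layout dictates, shows the unchecked decode beside a checked one, and rejects a strip that decodes to 152 bytes more than its tags promise.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the TIFF tags a tool sizes its strip buffer from.
 * PlanarConfig=Contig means all samples of a pixel are stored together, so a
 * scanline holds width * samples_per_pixel * bits_per_sample bits. */
struct strip_hdr {
    uint32_t width;             /* ImageWidth */
    uint32_t rows;              /* RowsPerStrip */
    uint16_t samples_per_pixel; /* SamplesPerPixel */
    uint16_t bits_per_sample;   /* BitsPerSample */
};

/* Bytes one decoded strip of a contiguous-planar image must occupy. */
size_t contig_strip_bytes(const struct strip_hdr *h)
{
    uint64_t bits = (uint64_t)h->width * h->samples_per_pixel * h->bits_per_sample;
    uint64_t scanline = (bits + 7) / 8;   /* TIFF pads each row to a whole byte */
    return (size_t)(scanline * h->rows);
}

/* Toy run-length decoder standing in for ZIPDecode (hypothetical, not zlib):
 * each input pair (count, value) expands to count copies of value.
 * Unchecked variant: trusts that the caller's buffer is large enough, which is
 * exactly the assumption a crafted strip breaks. Returns bytes written. */
size_t rle_decode_unchecked(const uint8_t *in, size_t inlen, uint8_t *out)
{
    size_t written = 0;
    for (size_t i = 0; i + 1 < inlen; i += 2) {
        memset(out + written, in[i + 1], in[i]);
        written += in[i];
    }
    return written;
}

/* Checked variant: refuses to go past outcap; returns (size_t)-1 on overflow. */
size_t rle_decode_checked(const uint8_t *in, size_t inlen, uint8_t *out, size_t outcap)
{
    size_t written = 0;
    for (size_t i = 0; i + 1 < inlen; i += 2) {
        size_t run = in[i];
        if (run > outcap - written)   /* written <= outcap always holds, so no underflow */
            return (size_t)-1;
        memset(out + written, in[i + 1], run);
        written += run;
    }
    return written;
}

/* Hardened transcode step: size the heap buffer from the tags, hand that
 * capacity to the decoder, and reject a strip whose decoded length does not
 * match what the tags promised. On success *out is malloc'd (caller frees). */
int transcode_strip_checked(const struct strip_hdr *h, const uint8_t *comp, size_t complen,
                            uint8_t **out, size_t *outlen)
{
    size_t want = contig_strip_bytes(h);
    uint8_t *buf = malloc(want ? want : 1);
    if (buf == NULL)
        return -1;
    size_t got = rle_decode_checked(comp, complen, buf, want);
    if (got == (size_t)-1 || got != want) {   /* too long or too short: reject */
        free(buf);
        return -1;
    }
    *out = buf;
    *outlen = got;
    return 0;
}

/* Constructed sample strips. The header declares an 8x2 RGB8 strip = 48 bytes. */
const struct strip_hdr SAMPLE_HDR = { 8, 2, 3, 8 };
const uint8_t BENIGN_RLE[]  = { 48, 0x7f };   /* decodes to exactly 48 bytes */
const uint8_t CRAFTED_RLE[] = { 200, 0x41 };  /* decodes to 200 bytes: 152 past a 48-byte buffer */

int main(void)
{
    uint8_t *out = NULL;
    size_t n = 0;

    /* The unchecked decoder is only safe here because this strip really is 48 bytes.
     * Feeding CRAFTED_RLE to it with the same buffer would write 152 bytes past the
     * allocation, so that call is deliberately not made. */
    uint8_t *raw = malloc(contig_strip_bytes(&SAMPLE_HDR));
    if (raw == NULL)
        return 1;
    printf("unchecked, benign strip: wrote %zu bytes\n",
           rle_decode_unchecked(BENIGN_RLE, sizeof BENIGN_RLE, raw));
    free(raw);

    if (transcode_strip_checked(&SAMPLE_HDR, BENIGN_RLE, sizeof BENIGN_RLE, &out, &n) == 0) {
        printf("checked, benign strip: accepted %zu bytes\n", n);
        free(out);
    }
    if (transcode_strip_checked(&SAMPLE_HDR, CRAFTED_RLE, sizeof CRAFTED_RLE, &out, &n) != 0)
        printf("checked, crafted strip: rejected (would overflow)\n");
    return 0;
}
```

The point of carrying the capacity into the decoder, rather than checking afterwards, is that a decoder which has already written past the buffer cannot be made safe by any later comparison; the check has to gate each write. Rejecting a strip that decodes short as well as long is a design choice here, so that the output buffer never contains uninitialised heap bytes.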

Vulnerable Products

Vendor: libtiff | Product: libtiff | Version: 4.0.8

Vendor Advisories

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u5. For the stable distribution (stretch), these problems have been fixed in version ...
Debian Bug report logs - #868513 tiff: CVE-2017-11335: tiff2pdf: heap based buffer write overflow. Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 16 Jul 2017 09:45:02 UTC; Severity: important; Tags: fixed-upstream, ...
Debian Bug report logs - #868578 exiv2: CVE-2017-11336 CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340. Package: exiv2; Maintainer for exiv2 is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Source for exiv2 is src:exiv2 (PTS, buildd, popcon); Reported by: Moritz Muehlenhoff <jmm@debian.org> ...
Debian Bug report logs - #866109 tiff: CVE-2017-9935: Heap-based buffer overflow in t2p_write_pdf. Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 27 Jun 2017 12:21:01 UTC; Severity: grave; Tags: fixed-upstream, sec ...
A heap-based buffer overflow flaw was found within libtiff's tiff2pdf tool. A remote attacker could potentially exploit this flaw to execute arbitrary code by tricking a user into converting a specially crafted file using the tiff2pdf tool ...