CVE-2017-5225

Published: 12/01/2017 | Updated: 04/11/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in tools/tiffcp, resulting in DoS or code execution via a crafted BitsPerSample value.

Vulnerable Product

libtiff libtiff 4.0.7

Vendor Advisories

Debian Bug report logs - #851297 tiff: CVE-2017-5225. Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 13 Jan 2017 18:57:08 UTC; Severity: important; Tags: patch, security, upstream; Found in versions tiff/4.0.3-12.3 ...
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value ...