CVE-2017-9117

Published: 21/05/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

Vulnerable Product

libtiff libtiff 4.0.7

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #864078 openexr: CVE-2017-9110 CVE-2017-9112 CVE-2017-9116 Package: src:openexr; Maintainer for src:openexr is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sun, 4 Jun 2017 06:48:02 UTC Severity: grave Tag ...
Debian Bug report logs - #873885 openexr: CVE-2017-9111 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 Package: src:openexr; Maintainer for src:openexr is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sun, 4 Jun 2017 06:48:02 UTC Sever ...
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff ...