Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2017-9935

Published: 26/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Libtiff

Vulnerability Summary

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libtiff libtiff

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: tiff: CVE-2017-9935: Heap-based buffer overflow in t2p_write_pdf
Debian Bug report logs - #866109 tiff: CVE-2017-9935: Heap-based buffer overflow in t2p_write_pdf Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 27 Jun 2017 12:21:01 UTC Severity: grave Tags: fixed-upstream, sec ...
Ubuntu Security Notice: tiff vulnerabilities
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian Security Advisories: DSA-4100-1 tiff -- security update
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 403-123+deb8u5 For the stable distribution (stretch), these problems have been fixed in version ...
Red Hat: CVE-2017-9935
In LibTIFF 408, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdfc This heap overflow could lead to different damages For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free ...
Arch Linux Issues:
In LibTIFF before 4010, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdfc This heap overflow could lead to different damages For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a dou ...

References

CWE-125http://bugzilla.maptools.org/show_bug.cgi?id=2704http://www.securityfocus.com/bid/99296https://www.debian.org/security/2018/dsa-4100https://lists.debian.org/debian-lts-announce/2017/12/msg00008.htmlhttps://usn.ubuntu.com/3606-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866109https://nvd.nist.govhttps://usn.ubuntu.com/3606-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook