CVE-2017-17973

SOURCE - nist

Summary

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue

EPSS Score⁠: 0.00482 (0.759)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-416⁠

Use After Free

SOURCE - redhat

CWE-416⁠

Use After Free

Sources (6)

Impacted images

debian

CREATED

6 years ago

UPDATED

3 months ago

SOURCE IDCVE-2017-17973⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/tiff	deb	debian	12	>=4.5.0-6+deb12u1	Not yet available
debian/tiff	deb	debian	unstable	>=4.5.1+git230720-4	Not yet available
debian/tiff	deb	debian	10	>=4.1.0+git191117-2~deb10u4	Not yet available
debian/tiff	deb	debian	11	>=4.2.0-1+deb11u5	Not yet available
debian/tiff	deb	debian	13	>=4.5.1+git230720-4	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

6 years ago

UPDATED

3 days ago

SOURCE IDCVE-2017-17973⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-416⁠

CVSS SCORE

8.8high

ubuntu

CREATED

6 years ago

UPDATED

1 month ago

SOURCE IDCVE-2017-17973⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.8medium

redhat

CREATED

6 years ago

UPDATED

10 months ago

SOURCE IDCVE-2017-17973⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-416⁠

CVSS SCORE

7.5medium

suse

CREATED

6 years ago

UPDATED

8 months ago

SOURCE IDCVE-2017-17973⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

inthewild

CREATED

10 months ago

UPDATED

10 months ago

SOURCE IDCVE-2017-17973⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE