CVE-2017-9117

ADVISORY - nist

Summary

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).

EPSS Score⁠: 0.00098 (0.282)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-125⁠

Out-of-bounds Read

ADVISORY - redhat

CWE-125⁠

Out-of-bounds Read

Impacted images

Advisories

NIST

CREATED

8 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4medium

Debian

CREATED

8 years ago

UPDATED

19 days ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

8 years ago

UPDATED

13 hours ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8low

Red Hat

CREATED

8 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

3.3medium

intheWild

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY