CVE-2017-9117

ADVISORY - nist

Summary

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

EPSS Score⁠: 0.00623 (0.793)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-125⁠

Out-of-bounds Read

ADVISORY - redhat

CWE-125⁠

Out-of-bounds Read

Impacted images

Advisories

NIST

CREATED

7 years ago

UPDATED

5 years ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-125⁠

CVSS SCORE

9.8critical

Debian

CREATED

7 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

7 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8low

Red Hat

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-125⁠

CVSS SCORE

3.3medium

SUSE

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2017-9117⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY