CVE-2017-7602

Опубликовано: 09 апр. 2017

Источник: debian

EPSS Низкий

Описание

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
tiff	fixed	4.0.7-6		package
tiff3	removed			package
tiff3	not-affected		wheezy	package

Примечания

https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes

EPSS

Процентиль: 66%

0.00515

Низкий

Связанные уязвимости

CVE-2017-7602

CVSS3: 7.8

ubuntu

почти 9 лет назад

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVE-2017-7602

CVSS3: 3.3

redhat

почти 9 лет назад

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVE-2017-7602

CVSS3: 7.8

nvd

почти 9 лет назад

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

GHSA-7xh9-cpwq-c77x

CVSS3: 7.8

github

больше 3 лет назад

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

openSUSE-SU-2017:2635-1

suse-cvrf

больше 8 лет назад

Security update for tiff

EPSS

Процентиль: 66%

0.00515

Низкий