CVE-2017-17973

Опубликовано: 29 дек. 2017

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue

Отчет

Red Hat engineering was unable to reproduce this issue. Also there was no update from upstream about the ability to validate this bug. As a result there would be no fixes available for this CVE.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	libtiff	Not affected
Red Hat Enterprise Linux 6	libtiff	Not affected
Red Hat Enterprise Linux 7	libtiff	Not affected
Red Hat Enterprise Linux 8	libtiff	Not affected
Red Hat Enterprise Linux 9	libtiff	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1530912libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc

EPSS

Процентиль: 65%

0.00486

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2017-17973

CVSS3: 8.8

ubuntu

около 8 лет назад

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue

CVE-2017-17973

CVSS3: 8.8

nvd

около 8 лет назад

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue

CVE-2017-17973

CVSS3: 8.8

debian

около 8 лет назад

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writ ...

GHSA-pf49-rpj2-8mg3

CVSS3: 8.8

github

больше 3 лет назад

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

openSUSE-SU-2018:1204-1

suse-cvrf

больше 7 лет назад

Security update for tiff

EPSS

Процентиль: 65%

0.00486

Низкий

7.5 High

CVSS3