CVE-2017-5225

Опубликовано: 12 янв. 2017

Источник: redhat

CVSS3: 7

Описание

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

Отчет

This is a heap-based buffer overflow in the tiffcp utility of libtiff. A specially-crafted image when processed via the tiffcp binary, could cause it to crash or execute arbitrary code with the permissions of the user running the utility.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	libtiff	Will not fix
Red Hat Enterprise Linux 6	libtiff	Will not fix
Red Hat Enterprise Linux 7	compat-libtiff3	Will not fix
Red Hat Enterprise Linux 7	libtiff	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1412716libtiff: Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value

7 High

CVSS3

Связанные уязвимости

CVE-2017-5225

CVSS3: 9.8

ubuntu

около 9 лет назад

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

CVE-2017-5225

CVSS3: 9.8

nvd

около 9 лет назад

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

CVE-2017-5225

CVSS3: 9.8

debian

около 9 лет назад

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the t ...

openSUSE-SU-2017:0512-1

suse-cvrf

почти 9 лет назад

Security update for tiff

SUSE-SU-2017:0453-1

suse-cvrf

почти 9 лет назад

Security update for tiff

7 High

CVSS3