CVE-2017-5563

Опубликовано: 18 янв. 2017

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	libtiff	Will not fix
Red Hat Enterprise Linux 6	libtiff	Will not fix
Red Hat Enterprise Linux 7	compat-libtiff3	Will not fix
Red Hat Enterprise Linux 7	libtiff	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1416109libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c

EPSS

Процентиль: 57%

0.00354

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2017-5563

CVSS3: 8.8

ubuntu

около 9 лет назад

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

CVE-2017-5563

CVSS3: 8.8

nvd

около 9 лет назад

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

CVE-2017-5563

CVSS3: 8.8

debian

около 9 лет назад

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read i ...

GHSA-qvg6-9fpw-3vw9

CVSS3: 8.8

github

больше 3 лет назад

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

EPSS

Процентиль: 57%

0.00354

Низкий

5.3 Medium

CVSS3