exploitDog

CVE-2017-9117

Published: 21 May 2017
Source: ubuntu
Priority: low
CVSS2: 7.5
CVSS3: 4

Description

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).

| Release | Status | Note |
|---|---|---|
| artful | not-affected | 4.0.8-5 |
| devel | not-affected | 4.0.9-4 |
| esm-infra-legacy/trusty | released | 4.0.3-7ubuntu0.9 |
| esm-infra/xenial | released | 4.0.6-1ubuntu0.4 |
| precise/esm | ignored | |
| trusty | released | 4.0.3-7ubuntu0.9 |
| trusty/esm | released | 4.0.3-7ubuntu0.9 |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | ignored | end of life |
| vivid/ubuntu-core | DNE | |

CVSS2: 7.5 High
CVSS3: 4 Medium

Related vulnerabilities

CVSS3: 3.3
redhat
almost 9 years ago

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).

CVSS3: 4
nvd
more than 8 years ago

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).

CVSS3: 4
debian
more than 8 years ago

In LibTIFF 4.0.6 and possibly other versions, the program processes BM ...

CVSS3: 9.8
github
more than 3 years ago

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

fstec
more than 8 years ago

A vulnerability in the bmp2tiff component of the LibTIFF library that allows an attacker to gain read access to data beyond the bounds of a buffer allocated in dynamic memory
