PT-2017-16576 · None+2 · Libtiff+2

Wang Junjie

Publicado

2017-01-23

Atualizado

2026-03-31

CVE-2017-5563

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.7

Description The issue is related to a heap-based buffer over-read in the tif lzw.c file, which can result in denial of service (DoS) or code execution. This can be triggered by a crafted bmp image when using the tools/bmp2tiff utility.

Recommendations For LibTIFF version 4.0.7, consider avoiding the use of crafted bmp images with the bmp2tiff tool until a patch is available. As a temporary workaround, restrict access to the tif lzw.c function to minimize the risk of exploitation.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

AZL-45150

CVE-2017-5563

ECHO-9A38-E230-2936

USN-3606-1

Produtos afetados

Debian

Libtiff

Ubuntu

PT-2017-16576 · None+2 · Libtiff+2

CVE-2017-5563

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26