PT-2017-3822 · Libtiff+6 · Libtiff+6

Jungun Baek

Published

2017-12-02

Updated

2025-05-08

CVE-2017-17095

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.9

Description The issue is related to a heap-based buffer overflow in the TIFFSetupStrips function of the LibTIFF library. This can be exploited by a remote attacker using a specially crafted TIFF file, potentially leading to a denial of service or other unspecified impacts.

Recommendations For LibTIFF version 4.0.9, consider avoiding the use of the TIFFSetupStrips function until a patch is available. As a temporary workaround, restrict the processing of TIFF files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2025:4658

BDU:2019-03339

CESA-2025_4658

CVE-2017-17095

DLA-2009-1

DSA-4349-1

INFSA-2025_4658

MGASA-2018-0109

OPENSUSE-SU-2022:0480-1

OPENSUSE-SU-2022_0480-1

OPENSUSE-SU-2024:13381-1

RHSA-2023:6575

RHSA-2023_6575

RHSA-2025:4658

RHSA-2025_4658

SUSE-SU-2022:0480-1

SUSE-SU-2022:0496-1

SUSE-SU-2022_0480-1

SUSE-SU-2022_0496-1

USN-3606-1

Affected Products

Almalinux

Centos

Libtiff

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2017-3822 · Libtiff+6 · Libtiff+6

CVE-2017-17095

Weakness Enumeration

Related Identifiers

Affected Products

References · 173