Lucene search

[email protected]CVE-2017-5563

HistoryJan 23, 2017 - 7:59 a.m.

CVE-2017-5563

2017-01-2307:59:00

CWE-125

[email protected]

web.nvd.nist.gov

libtiff

cve-2017-5563

heap-based buffer over-read

tif_lzw.c

bmp image

dos

code execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.0%

JSON

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

CPENameOperatorVersion
libtiff:libtifflibtiffeq4.0.7

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	eq	4.0.7

References

bugzilla.maptools.org/show_bug.cgi?id=2664

www.securityfocus.com/bid/95705

security.gentoo.org/glsa/201709-27

usn.ubuntu.com/3606-1/

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for CVE-2017-5563

osv1 nessus8 openvas8 prion1 ubuntucve2 debiancve1 redhatcve1 fedora1 cloudfoundry1 ubuntu1 gentoo1 ibm2