Lucene search

K

Ubuntu.comUB:CVE-2017-16232

HistoryMar 21, 2019 - 12:00 a.m.

CVE-2017-16232

2019-03-2100:00:00

ubuntu.com

ubuntu.com

12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.7%

DISPUTED LibTIFF 4.0.8 has multiple memory leak vulnerabilities,
which allow attackers to cause a denial of service (memory consumption), as
demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties
were unable to reproduce the issue.

Notes

Author	Note
mdeslaur	fix only solves memory leak, but not high memory usage this CVE was disputed, marking as ignored

References

seclists.org/oss-sec/2017/q4/168

launchpad.net/bugs/cve/CVE-2017-16232

nvd.nist.gov/vuln/detail/CVE-2017-16232

security-tracker.debian.org/tracker/CVE-2017-16232

www.cve.org/CVERecord?id=CVE-2017-16232

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.7%

Related for UB:CVE-2017-16232

redhatcve1 veracode1 alpinelinux1 cve1 prion1 debiancve1 nessus11 openvas11 suse2