Denial of Service Vulnerability in LibTIFF by EcoGraphics
CVE-2017-10688

7.5HIGH

Key Information:

Vendor: Libtiff
Status: Libtiff
Vendor: CVE Published:; 29 June 2017

What is CVE-2017-10688?

The vulnerability exists in LibTIFF version 4.0.8 within the TIFFWriteDirectoryTagCheckedLong8Array function located in tif_dirwrite.c. A specially crafted input can trigger an assertion abort, which results in a remote denial of service attack. This could potentially lead to service disruptions for applications relying on LibTIFF for handling TIFF files.

References

http://www.securityfocus.com/bid/99359

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/42299/

exploitx_refsource_EXPLOIT-DB

https://usn.ubuntu.com/3602-1/

vendor-advisoryx_refsource_UBUNTU

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2017
Vulnerability Reserved
Jun 29, 2017

Libtiff

What is CVE-2017-10688?

References

EPSS Score

CVSS V3.1

Timeline