Heap-Based Buffer Over-Read in LibTIFF Affecting Multiple Versions
CVE-2017-17942

8.8HIGH

Key Information:

Vendor: Libtiff
Status: Libtiff
Vendor: CVE Published:; 28 December 2017

What is CVE-2017-17942?

A heap-based buffer over-read vulnerability exists in the LibTIFF 4.0.9 library within the PackBitsEncode function in tif_packbits.c. This flaw can be exploited to disclose sensitive information and may compromise application stability. Proper handling and validation of input data are crucial to mitigate the risks associated with this vulnerability. Developers and system administrators are encouraged to review affected systems and apply relevant updates to ensure robust security.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2767

x_refsource_MISC

http://www.securityfocus.com/bid/102312

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2017
Vulnerability Reserved
Dec 28, 2017

Libtiff

What is CVE-2017-17942?

References

CVSS V3.1

Timeline