Heap-Based Use-After-Free Vulnerability in LibTIFF by Open Source Developer
CVE-2017-17973

8.8 HIGH

Key Information:

Vendor: Libtiff

Status
Vendor
CVE Published: 29 December 2017

What is CVE-2017-17973?

In LibTIFF version 4.0.8, a heap-based use-after-free vulnerability exists in the t2p_writeproc function within the tiff2pdf.c file. This flaw can potentially allow an attacker to manipulate memory, leading to unexpected behaviors or crashes. Although there are reports of the issue's existence, some attempts to replicate the vulnerability have failed, highlighting the complexities involved in its exploitation.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
