Denial of Service Vulnerability in LibTIFF by DigiLabs
CVE-2017-7592

7.8HIGH

Key Information:

Vendor

Libtiff

Status
Libtiff
Vendor
CVE Published:
9 April 2017

What is CVE-2017-7592?

The putagreytile function in tif_getimage.c of LibTIFF version 4.0.7 presents an issue with left-shift undefined behavior. This flaw can be exploited by remote attackers using specially crafted image files, leading to potential application crashes and causing service disruptions. It raises serious concerns for image processing applications that rely on LibTIFF for handling image data.

References

http://www.debian.org/security/2017/dsa-3844
vendor-advisoryx_refsource_DEBIAN
http://bugzilla.maptools.org/show_bug.cgi?id=2658
x_refsource_MISC
https://security.gentoo.org/glsa/201709-27
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.