Heap-based Buffer Overflow in LibTIFF Affects Multiple Platforms
CVE-2017-9935

8.8HIGH

Key Information:

Vendor

Libtiff

Status
Libtiff
Vendor
CVE Published:
26 June 2017

What is CVE-2017-9935?

In LibTIFF version 4.0.8, a vulnerability exists within the t2p_write_pdf function located in tools/tiff2pdf.c, resulting in a heap-based buffer overflow. This flaw is triggered when processing specially crafted TIFF documents, which may result in serious repercussions such as out-of-bounds reads, invalid memory frees, memory corruption, or double frees. Exploiting this vulnerability could lead to arbitrary code execution, potentially compromising the affected system.

References

https://usn.ubuntu.com/3606-1/
vendor-advisoryx_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2704
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2017/12/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.