CVE-2017-16232

CWE-772 CWE-200 — Information Exposure10 documents7 sources

Severity

7.5HIGH

EPSS

1.1%

top 22.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff Libtiff Opensuse Leap Suse Linux Enterprise Desktop +2 more

Timeline

PublishedMar 21

Latest updateMay 13

Description

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDlibtiff/libtiff4.0.8

▶NVDopensuse/leap42.2, 42.3+1

▶NVDsuse/linux_enterprise_server12

▶NVDsuse/linux_enterprise_desktop12

▶NVDsuse/linux_enterprise_software_development_kit12

Patches

Patch: seclists.org ↗Patch: seclists.org ↗Patch: seclists.org ↗

🔴Vulnerability Details

GHSA

GHSA-7vph-w5xf-wrvp: ** DISPUTED ** LibTIFF 4↗2022-05-13

▶

OSV

CVE-2017-16232: LibTIFF 4↗2019-03-21

▶

CVEList

CVE-2017-16232: LibTIFF 4↗2019-03-17

▶

📋Vendor Advisories

Red Hat

libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c↗2017-11-01

▶

Debian

CVE-2017-16232: tiff - LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to...↗2017

▶

💬Community

Bugzilla

CVE-2017-16232 libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c↗2017-11-22

▶

Bugzilla

CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727 CVE-2017-16232 mingw-libtiff: various flaws [fedora-all]↗2017-07-24

▶

Bugzilla

CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727 CVE-2017-16232 mingw-libtiff: various flaws [epel-7]↗2017-07-24

▶

Bugzilla

CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727 CVE-2017-16232 libtiff: various flaws [fedora-all]↗2017-07-24

▶