Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-17095 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow9 documents8 sources

Severity

8.8HIGHNVD

EPSS

4.0%

top 11.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Tiff Libtiff

Timeline

PublishedDec 2

Latest updateMay 14

Description

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.9

▶debiandebian/tiff< tiff 4.0.9-5 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-v9h2-67w5-wp47: tools/pal2rgb↗2022-05-14

▶

OSV

CVE-2017-17095: tools/pal2rgb↗2017-12-02

▶

💥Exploits & PoCs

Exploit-DB

LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow↗2017-12-11

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2018-03-26

▶

Red Hat

libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service↗2017-11-29

▶

Debian

CVE-2017-17095: tiff - tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a d...↗2017

▶

💬Community

Bugzilla

CVE-2017-17095 libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service↗2017-12-11

▶

Bugzilla

CVE-2017-17095 libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service [fedora-all]↗2017-12-11

▶