CVE-2017-5225 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow12 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 23.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJan 12

Latest updateMay 17

Description

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.7

▶debiandebian/tiff< tiff 4.0.7-5 (bookworm)

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rgrw-hm5r-cxr3: LibTIFF version 4↗2022-05-17

▶

OSV

CVE-2017-5225: LibTIFF version 4↗2017-01-12

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2017-08-07

▶

Ubuntu

LibTIFF vulnerabilities↗2017-02-27

▶

Red Hat

libtiff: Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value↗2017-01-12

▶

Debian

CVE-2017-5225: tiff - LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffc...↗2017

▶

💬Community

Bugzilla

CVE-2017-12158 keycloak: reflected XSS using HOST header↗2017-09-06

▶

Bugzilla

CVE-2017-5225 libtiff: Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value↗2017-01-12

▶

Bugzilla

CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2017-5225 CVE-2017-5563 mingw-libtiff: various flaws [epel-7]↗2017-01-04

▶

Bugzilla

CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2017-5225 CVE-2017-5563 mingw-libtiff: various flaws [fedora-all]↗2017-01-04

▶

Bugzilla

CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2017-5225 CVE-2017-5563 libtiff: various flaws [fedora-all]↗2017-01-04

▶