CVE-2017-5563 — Out-of-bounds Read in Libtiff

CWE-125 — Out-of-bounds Read CWE-122 — Heap-based Buffer Overflow10 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 42.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJan 23

Latest updateMay 13

Description

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.7

▶debiandebian/tiff< tiff 4.0.7-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-qvg6-9fpw-3vw9: LibTIFF version 4↗2022-05-13

▶

OSV

CVE-2017-5563: LibTIFF version 4↗2017-01-23

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2018-03-26

▶

Red Hat

libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c↗2017-01-18

▶

Debian

CVE-2017-5563: tiff - LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw....↗2017

▶

💬Community

Bugzilla

CVE-2017-5563 libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c↗2017-01-24

▶

Bugzilla

CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2017-5225 CVE-2017-5563 mingw-libtiff: various flaws [epel-7]↗2017-01-04

▶

Bugzilla

CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2017-5225 CVE-2017-5563 mingw-libtiff: various flaws [fedora-all]↗2017-01-04

▶

Bugzilla

CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2017-5225 CVE-2017-5563 libtiff: various flaws [fedora-all]↗2017-01-04

▶