CVE-2017-7595Divide By Zero in Tiff

CWE-369Divide By Zero10 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.5%
top 36.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian TiffLibtiff
Timeline
PublishedApr 9
Latest updateMay 14

Description

The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDlibtiff/libtiff4.0.7
debiandebian/tiff< tiff 4.0.7-6 (bookworm)

Patches

Patch: blogs.gentoo.orgPatch: blogs.gentoo.org

🔴Vulnerability Details

2
GHSA
GHSA-rmg3-42qr-2vrh: The JPEGSetupEncode function in tiff_jpeg2022-05-14
OSV
CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg2017-04-09

📋Vendor Advisories

3
Ubuntu
LibTIFF vulnerabilities2018-03-20
Red Hat
libtiff: Divide-by-zero in JPEGSetupEncode (tiff_jpeg.c)2017-04-09
Debian
CVE-2017-7595: tiff - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attac...2017

💬Community

4
Bugzilla
CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 libtiff: various flaws [fedora-all]2017-04-11
Bugzilla
CVE-2017-7595 libtiff: Divide-by-zero in JPEGSetupEncode (tiff_jpeg.c)2017-04-11
Bugzilla
mingw-libtiff: various flaws [epel-7]2017-04-03
Bugzilla
mingw-libtiff: various flaws [fedora-all]2017-04-03