CVE-2017-9117 — Out-of-bounds Read in Libtiff

CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 70.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff Canonical Ubuntu Linux

Timeline

PublishedMay 21

Latest updateMay 13

Description

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.5 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5libtiff/libtiff4.0.6

▶NVDlibtiff/libtiff4.0.7

▶debiandebian/tiff< tiff 4.0.7-1 (bookworm)

Also affects: Ubuntu Linux 14.04, 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-v898-4vh8-7f99: In LibTIFF 4↗2022-05-13

▶

OSV

CVE-2017-9117: In LibTIFF 4↗2017-05-21

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2018-03-26

▶

Red Hat

libtiff: Heap-based buffer over-read in bmp2tiff↗2017-05-07

▶

Debian

CVE-2017-9117: tiff - In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images w...↗2017

▶

💬Community

Bugzilla

CVE-2017-9117 mingw-libtiff: libtiff: Heap-based buffer over-read in bmp2tiff [epel-7]↗2017-05-30

▶

Bugzilla

CVE-2017-9117 libtiff: Heap-based buffer over-read in bmp2tiff [fedora-all]↗2017-05-30

▶

Bugzilla

CVE-2017-9117 libtiff: Heap-based buffer over-read in bmp2tiff↗2017-05-30

▶

Bugzilla

CVE-2017-9117 mingw-libtiff: libtiff: Heap-based buffer over-read in bmp2tiff [fedora-all]↗2017-05-30

▶