CVE-2017-9117

EUVD-2017-18055
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
mitreCNA
4 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
4.0.7
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tiff
artful
not-affected
trusty
Fixed 4.0.3-7ubuntu0.9
released
xenial
Fixed 4.0.6-1ubuntu0.4
released
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://bugzilla.maptools.org/show_bug.cgi?id=2690
http://www.securityfocus.com/bid/98581
https://gitlab.com/libtiff/libtiff/-/issues/89
https://usn.ubuntu.com/3606-1/
http://bugzilla.maptools.org/show_bug.cgi?id=2690
http://www.securityfocus.com/bid/98581
https://usn.ubuntu.com/3606-1/