CVE-2017-13727

Published: Aug 29, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.

Affected (1)

Products: Libtiff: Libtiff

Libtiff

1 product

Libtiff

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Version 4.0.8

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (8)

http://bugzilla.maptools.org/show_bug.cgi?id=2728

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://www.securityfocus.com/bid/100524

Source: cve@mitre.org

https://usn.ubuntu.com/3602-1/

Source: cve@mitre.org

https://www.debian.org/security/2018/dsa-4100

Source: cve@mitre.org

http://bugzilla.maptools.org/show_bug.cgi?id=2728

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

http://www.securityfocus.com/bid/100524

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3602-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2018/dsa-4100

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.