CVE-2017-5225

Published: Jan 12, 2017Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

Affected (1)

Products: Libtiff: Libtiff

Libtiff

1 product

Libtiff

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Version 4.0.7

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (14)

http://bugzilla.maptools.org/show_bug.cgi?id=2656

Source: cve@mitre.org

ExploitIssue Tracking

http://bugzilla.maptools.org/show_bug.cgi?id=2657

Source: cve@mitre.org

ExploitIssue Tracking

http://www.debian.org/security/2017/dsa-3844

Source: cve@mitre.org

http://www.securityfocus.com/bid/95413

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037911

Source: cve@mitre.org

https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7

Source: cve@mitre.org

Patch

https://security.gentoo.org/glsa/201709-27

Source: cve@mitre.org

http://bugzilla.maptools.org/show_bug.cgi?id=2656