CVE-2017-5563
Published: 23 January 2017
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
Priority
CVSS 3 base score: 8.8
Notes
Author | Note |
---|---|
mdeslaur | proposed patch in upstream bug; bmp2tiff removed in recent versions; we will not be fixing this issue in precise/esm |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5563
- https://usn.ubuntu.com/usn/usn-3606-1
- NVD
- Launchpad
- Debian