CVE-2017-5563
Published: 23 January 2017
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
Notes
Author | Note |
---|---|
mdeslaur | proposed patch in upstream bug; bmp2tiff removed in recent versions; we will not be fixing this issue in precise/esm |
Priority
CVSS 3 base score: 8.8