Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-5563

Published: 23 January 2017

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

Notes

Author	Note
mdeslaur	proposed patch in upstream bug bmp2tiff removed in recent versions we will not be fixing this issue in precise/esm

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	artful	Not vulnerable (4.0.8-5)
	precise	Ignored
	trusty	Released (4.0.3-7ubuntu0.9)
	upstream	Needed
	xenial	Released (4.0.6-1ubuntu0.4)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)

References

Bugs

http://bugzilla.maptools.org/show_bug.cgi?id=2664

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading