CVE-2017-5849

Published: 15 March 2017

tifftopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted TIFF image file, related to transposing width and height values.

Notes

Author: mdeslaur
Note: Debian and Ubuntu use a netpbm fork which does not contain the issue. See here: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: netpbm-free (Launchpad, Ubuntu, Debian)

Release   Status
precise   Not vulnerable
trusty    Does not exist (trusty was not-affected)
upstream  Needed
xenial    Not vulnerable
yakkety   Not vulnerable