CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-16232

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

Exploit prediction scoring system (EPSS) score

EPSS Score 0.022

EPSS Ranking 83.6%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html
http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html
http://seclists.org/fulldisclosure/2018/Dec/32
http://seclists.org/fulldisclosure/2018/Dec/47
http://www.openwall.com/lists/oss-security/2017/11/01/11
http://www.openwall.com/lists/oss-security/2017/11/01/3
http://www.openwall.com/lists/oss-security/2017/11/01/7
http://www.openwall.com/lists/oss-security/2017/11/01/8
http://www.securityfocus.com/bid/101696
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html
http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html
http://seclists.org/fulldisclosure/2018/Dec/32
http://seclists.org/fulldisclosure/2018/Dec/47
http://www.openwall.com/lists/oss-security/2017/11/01/11
http://www.openwall.com/lists/oss-security/2017/11/01/3
http://www.openwall.com/lists/oss-security/2017/11/01/7
http://www.openwall.com/lists/oss-security/2017/11/01/8
http://www.securityfocus.com/bid/101696

Products affected by CVE-2017-16232

Libtiff » Libtiff » Version: 4.0.8

cpe:2.3:a:libtiff:libtiff:4.0.8
Opensuse » Leap » Version: 42.2

cpe:2.3:o:opensuse:leap:42.2
Opensuse » Leap » Version: 42.3

cpe:2.3:o:opensuse:leap:42.3
Suse » Linux Enterprise Desktop » Version: 12

cpe:2.3:o:suse:linux_enterprise_desktop:12
Suse » Linux Enterprise Server » Version: 12

cpe:2.3:o:suse:linux_enterprise_server:12
Suse » Linux Enterprise Software Development Kit » Version: 12

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-16232

Products

Pricing

Contact Us