Base Score

CRITICAL9.8

CVE-2017-5225

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

VectorNETWORK

Published Bycve@mitre.org

Published DateJan 12, 2017, 11:59

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://bugzilla.maptools.org/show_bug.cgi?id=2656
http://bugzilla.maptools.org/show_bug.cgi?id=2657
http://www.debian.org/security/2017/dsa-3844
http://www.securityfocus.com/bid/95413
http://www.securitytracker.com/id/1037911
https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
https://security.gentoo.org/glsa/201709-27

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH