CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile: 88.2%
Severity: Medium
Date : 2017-04-28
CVE-ID : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595
CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599
CVE-2017-7600 CVE-2017-7601 CVE-2017-7602
Package : libtiff
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-237
The package libtiff before version 4.0.7-3 is vulnerable to multiple
issues including denial of service and information disclosure.
Upgrade to 4.0.7-3.
The problems have been fixed upstream but no release is available yet.
Workaround: None.
A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior in putagreytile().
A security issue has been found in libtiff < 4.0.7, where a crafted
TIFF image can cause an uninitialized-memory access in tif_rawdata(),
leading to information leakage.
A security issue has been found in libtiff < 4.0.7, where a crafted
TIFF image can cause a memory leak in
OJPEGReadHeaderInfoSecTablesAcTable().
A security issue has been found in libtiff < 4.0.7, where a crafted
TIFF image can cause a division by zero in JPEGSetupEncode(), leading
to denial of service.
A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior.
A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior.
A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger a division by zero in
TIFFReadDirEntryCheckedRational() or
TIFFReadDirEntryCheckedSrational(), leading to denial of service.
A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior.
A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior.
A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior (invalid shift exponent) in
JPEGSetupEncode().
A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior in TIFFReadRawStrip1().
A remote attacker can access sensitive information and cause an
application crash via a crafted TIFF file.
http://seclists.org/oss-sec/2017/q2/35
http://bugzilla.maptools.org/show_bug.cgi?id=2658
https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b
http://seclists.org/oss-sec/2017/q2/36
http://bugzilla.maptools.org/show_bug.cgi?id=2651
https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
http://bugzilla.maptools.org/show_bug.cgi?id=2659
http://seclists.org/oss-sec/2017/q2/37
https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c/
https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
http://seclists.org/oss-sec/2017/q2/38
http://seclists.org/oss-sec/2017/q2/39
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
https://security.archlinux.org/CVE-2017-7592
https://security.archlinux.org/CVE-2017-7593
https://security.archlinux.org/CVE-2017-7594
https://security.archlinux.org/CVE-2017-7595
https://security.archlinux.org/CVE-2017-7596
https://security.archlinux.org/CVE-2017-7597
https://security.archlinux.org/CVE-2017-7598
https://security.archlinux.org/CVE-2017-7599
https://security.archlinux.org/CVE-2017-7600
https://security.archlinux.org/CVE-2017-7601
https://security.archlinux.org/CVE-2017-7602