Home

CVE-2017-5849

Description

tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.234

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2024:0435-1(Basesystem Module 15-SP5) netpbm-10.80.1-150000.3.14.1.x86_64.rpmLinux
SUSE-SU-2024:0435-1(Basesystem Module 15-SP5) libnetpbm11-10.80.1-150000.3.14.1.x86_64.rpmLinux
SUSE-SU-2024:0435-1(Desktop Applications Module 15-SP5) libnetpbm-devel-10.80.1-150000.3.14.1.x86_64.rpmLinux
SUSE-SU-2024:0435-1(Basesystem Module 15-SP5) netpbm-debuginfo-10.80.1-150000.3.14.1.x86_64.rpmLinux
SUSE-SU-2024:0435-1(Basesystem Module 15-SP5) netpbm-debugsource-10.80.1-150000.3.14.1.x86_64.rpmLinux
SUSE-SU-2024:0435-1(Basesystem Module 15-SP5) libnetpbm11-debuginfo-10.80.1-150000.3.14.1.x86_64.rpmLinux
SUSE-SU-2024:0434-1(SUSE Linux Enterprise Server 12 SP5 ) libnetpbm11-10.66.3-8.10.1.x86_64.rpmLinux
SUSE-SU-2024:0434-1(SUSE Linux Enterprise Server 12 SP5 ) libnetpbm11-32bit-10.66.3-8.10.1.x86_64.rpmLinux
SUSE-SU-2024:0434-1(SUSE Linux Enterprise Server 12 SP5 ) libnetpbm11-debuginfo-10.66.3-8.10.1.x86_64.rpmLinux
SUSE-SU-2024:0434-1(SUSE Linux Enterprise Server 12 SP5 ) libnetpbm11-debuginfo-32bit-10.66.3-8.10.1.x86_64.rpmLinux
SUSE-SU-2024:0434-1(SUSE Linux Enterprise Server 12 SP5 ) netpbm-10.66.3-8.10.1.x86_64.rpmLinux
SUSE-SU-2024:0434-1(SUSE Linux Enterprise Server 12 SP5 ) netpbm-debuginfo-10.66.3-8.10.1.x86_64.rpmLinux
SUSE-SU-2024:0434-1(SUSE Linux Enterprise Server 12 SP5 ) netpbm-debugsource-10.66.3-8.10.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234