Home

CVE-2017-9937

Description

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.54

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3Windows
JBIG1 data compression library (USN-5742-1) libjbig0_2.1-3.1ubuntu0.18.04.1_i386.debLinux
JBIG1 data compression library (USN-5742-1) libjbig0_2.1-3.1ubuntu0.18.04.1_amd64.debLinux
JBIG1 data compression library (USN-5742-1) libjbig0_2.1-3.1ubuntu0.20.04.1_i386.debLinux
JBIG1 data compression library (USN-5742-1) libjbig0_2.1-3.1ubuntu0.20.04.1_amd64.debLinux
JBIG1 data compression library (USN-5742-1) libjbig0_2.1-3.1ubuntu0.22.04.1_i386.debLinux
JBIG1 data compression library (USN-5742-1) libjbig0_2.1-3.1ubuntu0.22.04.1_amd64.debLinux
JBIG1 data compression library (USN-5742-1) jbigkit-bin_2.1-3.1ubuntu0.18.04.1_i386.debLinux
JBIG1 data compression library (USN-5742-1) jbigkit-bin_2.1-3.1ubuntu0.18.04.1_amd64.debLinux
JBIG1 data compression library (USN-5742-1) jbigkit-bin_2.1-3.1ubuntu0.20.04.1_i386.debLinux
JBIG1 data compression library (USN-5742-1) jbigkit-bin_2.1-3.1ubuntu0.20.04.1_amd64.debLinux
JBIG1 data compression library (USN-5742-1) jbigkit-bin_2.1-3.1ubuntu0.22.04.1_i386.debLinux
JBIG1 data compression library (USN-5742-1) jbigkit-bin_2.1-3.1ubuntu0.22.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234