CVE-2017-9936

high-risk

Published 2017-06-26

In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.

Do I need to act?

5.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

42300

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (6)

Libtiff

Debian Linux

Ubuntu Linux

Affected Vendors

Libtiff Debian Canonical

References (10)

Issue Tracking http://bugzilla.maptools.org/show_bug.cgi?id=2706

Third Party Advisory http://www.debian.org/security/2017/dsa-3903

Third Party Advisory http://www.securityfocus.com/bid/99300

Third Party Advisory https://usn.ubuntu.com/3602-1/

Exploit https://www.exploit-db.com/exploits/42300/

Issue Tracking http://bugzilla.maptools.org/show_bug.cgi?id=2706

Third Party Advisory http://www.debian.org/security/2017/dsa-3903

Third Party Advisory http://www.securityfocus.com/bid/99300

Third Party Advisory https://usn.ubuntu.com/3602-1/

Exploit https://www.exploit-db.com/exploits/42300/

/ 100

high-risk

Severity 24/34 · High

Exploitability 16/34 · Moderate

Exposure 13/34 · Low