Candidate: CVE-2017-17942
PublicDate: 2017-12-28 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17942
Description:
 In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function
 PackBitsEncode in tif_packbits.c.
Ubuntu-Description:
Notes:
 mdeslaur> probably a dupe of CVE-2016-5319
 mdeslaur> as of 2021-02-24, no upstream fix
Bugs:
 http://bugzilla.maptools.org/show_bug.cgi?id=2767 (old)
 https://gitlab.com/libtiff/libtiff/issues/120
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885579
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_tiff:
upstream_tiff: needs-triage
precise/esm_tiff: ignored (end of ESM support, was deferred [2021-02-24])
trusty_tiff: ignored (reached end-of-life)
trusty/esm_tiff: deferred (2021-02-24)
xenial_tiff: ignored (end of standard support, was deferred [2021-02-24])
esm-infra/xenial_tiff: deferred (2021-02-24)
zesty_tiff: ignored (reached end-of-life)
artful_tiff: ignored (reached end-of-life)
bionic_tiff: not-affected (4.0.7-1)
cosmic_tiff: not-affected (4.0.7-1)
disco_tiff: not-affected (4.0.7-1)
eoan_tiff: not-affected (4.0.7-1)
focal_tiff: not-affected (4.0.7-1)
groovy_tiff: not-affected (4.0.7-1)
hirsute_tiff: not-affected (4.0.7-1)
impish_tiff: not-affected (4.0.7-1)
jammy_tiff: not-affected (4.0.7-1)
devel_tiff: not-affected (4.0.7-1)