Bug 610330 (CVE-2017-5225) - <media-libs/tiff-4.0.7-r1: Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value (CVE-2017-5225)
Alias: CVE-2017-5225
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: A2 [glsa cve]
Depends on: CVE-2017-7592, CVE-2017-7593, CVE-2017-7594
Reported: 2017-02-21 00:53 UTC by Thomas Deutschmann
Modified: 2017-09-26 22:11 UTC

Description Thomas Deutschmann gentoo-dev Security 2017-02-21 00:53:33 UTC
A heap-buffer overflow vulnerability was found in libtiff in the tools/tiffcp. Using a maliciously crafted BitsPerSample value could cause the application to crash or possibly allow code execution.

Upstream bugs:

Upstream patch:
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2017-02-21 00:54:00 UTC
CVE-2017-5225 (
  LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the
  tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-09-26 22:11:30 UTC
This issue was resolved and addressed in
 GLSA 201709-27 at
by GLSA coordinator Aaron Bauman (b-man).