VDB
CVE-2017-17973
CVE-2017-17973
PUBLISHED
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue
EPSS 0.63% · 70.8th percentile
Risk Scores
EPSS Score
0.63%
70.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | tiff | *, 4.0.6-1, 4.0.6-1ubuntu0.8+esm15 |
| Ubuntu:Pro:14.04:LTS | tiff | 4.0.3-7ubuntu0.8, 4.0.3-7ubuntu0.4, 4.0.2-4ubuntu3 |
| Ubuntu:Pro:18.04:LTS | tiff | 4.0.8-6, 0, 4.0.8-5 |
Exploit Intelligence
- http://bugzilla.maptools.org/show_bug.cgi?id=2769 (nist-nvd)
- https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01 (circl)
- https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/ (circl)
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update (circl)
- https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 (circl)
- USN-3935-1 (circl)
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (circl)
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (circl)
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (circl)
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (circl)
…and 17 more exploits
Timeline
- Dec 29, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- May 14, 2022 CVE Updated
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-17973 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-17973 third-party-advisory