VDB
CVE-2017-5849
CVE-2017-5849
PUBLISHED
Es existiert eine Schwachstelle in libTIFF. Ein entfernter anonymer Angreifer kann diese Out-of-Bound read und write Schwachstelle ausnutzen um einen Denial of Service zu verursachen oder Potentiell Code mit Nutzerrechten zur Ausführung zu bringen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte zu öffnen.
EPSS 0.18% · 38.9th percentile
Risk Scores
EPSS Score
0.18%
38.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Dell PowerProtect Data Domain | |
| Dell | Dell PowerProtect Data Domain <7.10.1.40 | |
| Dell | Dell PowerProtect Data Domain OS | |
| EMC | EMC Avamar | |
| Dell | Dell PowerProtect Data Domain <8.1.0.0 | |
| Open Source | Open Source libTIFF | |
| Dell | Dell NetWorker virtual | |
| Dell | Dell PowerProtect Data Domain <7.13.1.10 | |
| SUSE | SUSE Linux | |
| Dell | Dell PowerProtect Data Domain <7.7.5.50 | |
| Dell | Dell PowerProtect Data Domain Management Center |
Exploit Intelligence
Timeline
- Feb 1, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-0327.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0327 advisory
- http://seclists.org/oss-sec/2017/q1/277 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017894.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017895.html advisory
- https://www.dell.com/support/kbdoc/000224827/dsa-2024-= advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3377.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3377 advisory
- https://www.dell.com/support/kbdoc/de-de/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability advisory
- https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/ advisory