
CVE-2017-9117
- Reference to the description:
- Description: In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).
- Last updated date: 01/08/2025
- Type: exploit
- Confidence: HIGH
- Date of publishing: 10/03/2019
- Reference url to background