Heap-based Buffer Over-read in LibTIFF 4.0.7's bmp2tiff Vulnerability


CVE-2017-9117 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
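The missing check described above can be sketched as follows. This is an added example, not LibTIFF's code: the function name `bmp_dims_fit` and its parameters are hypothetical, and it assumes an uncompressed (BI_RGB) bitmap whose header fields have already been decoded.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from LibTIFF): returns 1 if an uncompressed
 * bitmap with the declared dimensions fits inside the bytes actually
 * present in the input, else 0.
 * data_off: offset of the pixel data; file_len: real input size. */
int bmp_dims_fit(int32_t bi_width, int32_t bi_height, uint16_t bi_bitcount,
                 uint32_t data_off, uint64_t file_len)
{
    /* Width must be positive; height may be negative (top-down rows). */
    if (bi_width <= 0 || bi_height == 0 || bi_height == INT32_MIN)
        return 0;
    switch (bi_bitcount) {
    case 1: case 4: case 8: case 16: case 24: case 32: break;
    default: return 0;
    }
    uint64_t rows = (uint64_t)(bi_height < 0 ? -(int64_t)bi_height
                                             : (int64_t)bi_height);
    /* Each row is padded to a 4-byte boundary. */
    uint64_t row_bits = (uint64_t)bi_width * bi_bitcount;
    uint64_t stride = ((row_bits + 31) / 32) * 4;
    /* stride < 2^33 and rows < 2^31, so the product cannot wrap. */
    uint64_t need = stride * rows;
    if (data_off > file_len)
        return 0;
    /* Subtract rather than add so the comparison itself cannot wrap. */
    return need <= file_len - data_off;
}

int main(void)
{
    /* Constructed sample: a 70-byte file with a 54-byte header area. */
    printf("2x2 honest header:      %d\n", bmp_dims_fit(2, 2, 24, 54, 70));
    printf("4096x4096 in same file: %d\n", bmp_dims_fit(4096, 4096, 24, 54, 70));
    return 0;
}
```

A converter would run this check before sizing its row buffer or reading rows, and reject the file when it returns 0.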
