Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-7593 |
CWE-ID | CWE-119 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | tiff (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU32121
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7593
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
Mitigation
Install update from vendor's website.
Vulnerable software versions
tiff (Alpine package): 4.0.7-r1
External links
https://git.alpinelinux.org/aports/commit/?id=ea14bc786962a30f943aea7ceceb4804f7b5ec9a
https://git.alpinelinux.org/aports/commit/?id=6fc5e083a79961213cb7151c39372e5dee115a45
https://git.alpinelinux.org/aports/commit/?id=b782af4d8b8c365ef6b066128f905e5ba580cc5b
https://git.alpinelinux.org/aports/commit/?id=f27c940eb7d081d6b511176fe4e0a8c1b131a2de
https://git.alpinelinux.org/aports/commit/?id=ff2e7d109f90f775c735acb314bf37b0008f428c
https://git.alpinelinux.org/aports/commit/?id=09b187444459efedfd8a766c4883fcd6867d203d
https://git.alpinelinux.org/aports/commit/?id=018ecfdea887aa04eb330fe2210c4846a8a38653
https://git.alpinelinux.org/aports/commit/?id=4a95ad60e8095c301cba376cf24886a801e34261
https://git.alpinelinux.org/aports/commit/?id=b39c44a524a6e619c9858717cca0a65e6c2e5873
https://git.alpinelinux.org/aports/commit/?id=dd8f891e03d6c9f13592cb40f786b4528af87e68
https://git.alpinelinux.org/aports/commit/?id=e15563722661317524ce09b3698bdb765f165d9b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.