Medium severity5.5NVD Advisory· Published Mar 15, 2017· Updated Jun 17, 2026
CVE-2017-5849
CVE-2017-5849
Description
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
- osv-coords7 versionspkg:rpm/opensuse/netpbm&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/netpbm&distro=openSUSE%20Tumbleweedpkg:rpm/suse/netpbm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/netpbm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/netpbm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/netpbm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/netpbm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 10.80.1-150000.3.14.1+ 6 more
- (no CPE)range: < 10.80.1-150000.3.14.1
- (no CPE)range: < 11.5.2-2.1
- (no CPE)range: < 10.80.1-150000.3.14.1
- (no CPE)range: < 10.80.1-150000.3.14.1
- (no CPE)range: < 10.66.3-8.10.1
- (no CPE)range: < 10.66.3-8.10.1
- (no CPE)range: < 10.66.3-8.10.1
Patches
Vulnerability mechanics
References
6- bugzilla.maptools.org/show_bug.cginvdExploitIssue TrackingThird Party AdvisoryVDB Entry
- bugzilla.maptools.org/show_bug.cginvdExploitIssue TrackingThird Party AdvisoryVDB Entry
- www.openwall.com/lists/oss-security/2017/02/02/2nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/96011nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF42A624FXVY3BYBHMAO6F2X7EJYHQE2/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDK3BDMKIQL2NQ3SJZXPBEN2LSOUSSEE/nvd
News mentions
0No linked articles in our index yet.