CVE-2017-17095

HIGH

LibTIFF 4.0.9 - Heap-Based Buffer Overflow in pal2rgb

Title source: llm

Exploitation Summary

EIP tracks one public exploit for CVE-2017-17095: a PoC published by Jungun Baek.

AI-analyzed exploit summary: the PoC triggers a heap-buffer-overflow in LibTIFF's pal2rgb tool (tools/pal2rgb.c). While a crafted TIFF is processed, an incorrectly sized output buffer is overrun, corrupting the heap. The PoC write-up includes the debug output that confirms the out-of-bounds write.

Description

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. "Remote" here means attacker-supplied input: pal2rgb is a command-line converter, so a user or an automated pipeline has to feed it the file (UI:R in the CVSS vector below). The public PoC demonstrates only the crash; the C:H/I:H components of the score reflect the unconfirmed "other impact", not a demonstrated code-execution path.

Exploits (1)

Exploit-DB · Working PoC
by Jungun Baek · format: text · category: dos · platform: linux
https://www.exploit-db.com/exploits/43322

Classification
Working PoC: 100%
Attack type: DoS
Complexity: moderate
Reliability: reliable
Target: LibTIFF 4.0.9
Authentication: none needed
Prerequisites: a crafted TIFF file with manipulated ImageWidth and ImageLength values, processed by pal2rgb
Analyzed by devstral-2, Feb 16, 2026
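The classification above says only that the crash needs a TIFF whose ImageWidth and ImageLength have been manipulated. As an added example (not part of this entry, not the Exploit-DB PoC and not LibTIFF code), the Python below parses the first IFD of a classic TIFF and cross-checks the declared geometry against BitsPerSample, SamplesPerPixel, RowsPerStrip and StripByteCounts. It flags the class of header inconsistency such crafted files rely on; the exact condition that drives pal2rgb's overflow is not given on this page, so this is a pre-filter for untrusted input, not a reproduction of the bug and not a substitute for upgrading past 4.0.9 (see the Debian and Ubuntu advisories in the references). Tag numbers come from the TIFF 6.0 specification; the sample TIFFs are constructed inline by build_tiff, a helper written for this example.

```python
"""Pre-filter for untrusted TIFFs: parse IFD0 and cross-check the declared
geometry against the strip layout before a tool like pal2rgb touches the file.
Added illustrative code, not LibTIFF's and not the Exploit-DB PoC."""
import struct

# Tag numbers from the TIFF 6.0 specification.
IMAGE_WIDTH, IMAGE_LENGTH, BITS_PER_SAMPLE, COMPRESSION = 256, 257, 258, 259
PHOTOMETRIC, STRIP_OFFSETS, SAMPLES_PER_PIXEL = 262, 273, 277
ROWS_PER_STRIP, STRIP_BYTE_COUNTS = 278, 279
# Field type -> (byte size, struct code); other types are skipped, not guessed.
TYPE_INFO = {1: (1, "B"), 3: (2, "H"), 4: (4, "I"), 6: (1, "b"), 8: (2, "h"), 9: (4, "i")}


def parse_ifd0(data: bytes) -> dict:
    """Return {tag: [values]} for the first IFD of a classic (magic 42) TIFF."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF header")
    endian = "<" if data[:2] == b"II" else ">"
    magic, ifd_off = struct.unpack(endian + "HI", data[2:8])
    if magic != 42 or ifd_off + 2 > len(data):
        raise ValueError("bad magic or IFD offset")
    (count,) = struct.unpack(endian + "H", data[ifd_off:ifd_off + 2])
    tags, pos = {}, ifd_off + 2
    for _ in range(count):
        if pos + 12 > len(data):
            raise ValueError("IFD entry outside file")
        tag, typ, n, raw = struct.unpack(endian + "HHI4s", data[pos:pos + 12])
        pos += 12
        if typ not in TYPE_INFO:
            continue
        size, code = TYPE_INFO[typ]
        total = size * n
        if total <= 4:                       # short payloads live inline, left-justified
            payload = raw[:total]
        else:                                # longer ones are pointed to; bounds-check the pointer
            (off,) = struct.unpack(endian + "I", raw)
            if off + total > len(data):
                raise ValueError("tag %d payload outside file" % tag)
            payload = data[off:off + total]
        tags[tag] = list(struct.unpack(endian + code * n, payload))
    return tags


def check_geometry(data: bytes, max_pixels: int = 1 << 28) -> list:
    """Return a list of inconsistencies; an empty list means IFD0 is self-consistent.
    Python integers never wrap, so width * length * bits is exact here; the same
    arithmetic in C is where a size computation can overflow and leave a heap
    buffer smaller than the data a tool later writes into it."""
    tags = parse_ifd0(data)

    def first(tag, default=None):
        return tags[tag][0] if tags.get(tag) else default

    width, length = first(IMAGE_WIDTH), first(IMAGE_LENGTH)
    if width is None or length is None:
        return ["missing ImageWidth or ImageLength"]
    if width == 0 or length == 0:
        return ["zero ImageWidth or ImageLength (%d x %d)" % (width, length)]
    problems = []
    if width * length > max_pixels:
        problems.append("pixel count %d exceeds budget %d" % (width * length, max_pixels))
    spp = first(SAMPLES_PER_PIXEL, 1)
    bps = tags.get(BITS_PER_SAMPLE) or [1]
    bits_per_pixel = sum(bps) if len(bps) == spp else bps[0] * spp
    scanline_bytes = (width * bits_per_pixel + 7) // 8
    rps = min(first(ROWS_PER_STRIP, length) or length, length)   # RowsPerStrip 0 means "whole image"
    offsets, counts = tags.get(STRIP_OFFSETS), tags.get(STRIP_BYTE_COUNTS)
    if not offsets or not counts:
        problems.append("missing StripOffsets or StripByteCounts")
        return problems
    nstrips = (length + rps - 1) // rps
    if len(offsets) != nstrips or len(counts) != nstrips:
        problems.append("%d strip entries but ImageLength/RowsPerStrip imply %d" % (len(counts), nstrips))
    if first(COMPRESSION, 1) == 1:           # uncompressed: every strip must hold its rows in full
        for i, (off, cnt) in enumerate(zip(offsets, counts)):
            rows = min(rps, length - i * rps)
            need = rows * scanline_bytes
            if cnt < need:
                problems.append("strip %d holds %d bytes but %d rows need %d" % (i, cnt, rows, need))
            if off + cnt > len(data):
                problems.append("strip %d runs %d bytes past end of file" % (i, off + cnt - len(data)))
    return problems


def build_tiff(width: int, length: int, strip_bytes: int, endian: str = "<") -> bytes:
    """Constructed test input: one-strip, uncompressed, 8-bit greyscale TIFF whose
    single strip carries strip_bytes bytes regardless of what the geometry implies."""
    entries = [  # (tag, type, count, value); tags must be in ascending order
        (IMAGE_WIDTH, 4, 1, width), (IMAGE_LENGTH, 4, 1, length),
        (BITS_PER_SAMPLE, 3, 1, 8), (COMPRESSION, 3, 1, 1), (PHOTOMETRIC, 3, 1, 1),
        (STRIP_OFFSETS, 4, 1, None), (SAMPLES_PER_PIXEL, 3, 1, 1),
        (ROWS_PER_STRIP, 4, 1, length), (STRIP_BYTE_COUNTS, 4, 1, strip_bytes),
    ]
    ifd_off = 8
    data_off = ifd_off + 2 + 12 * len(entries) + 4    # pixel data follows the IFD
    out = (b"II" if endian == "<" else b"MM") + struct.pack(endian + "HI", 42, ifd_off)
    out += struct.pack(endian + "H", len(entries))
    for tag, typ, n, val in entries:
        val = data_off if val is None else val
        if typ == 3:   # SHORT sits left-justified in the 4-byte value field
            inline = struct.pack(endian + "H", val) + b"\x00\x00"
        else:
            inline = struct.pack(endian + "I", val)
        out += struct.pack(endian + "HHI", tag, typ, n) + inline
    out += struct.pack(endian + "I", 0)                 # no further IFDs
    return out + b"\x00" * strip_bytes


if __name__ == "__main__":
    print(check_geometry(build_tiff(4, 3, 12)))        # consistent file -> []
    print(check_geometry(build_tiff(4096, 4096, 12)))  # geometry claims far more data than the strip holds
```

Run it on a real file with `check_geometry(open(path, "rb").read())`; a non-empty list is a reason to quarantine the file rather than pass it to pal2rgb or any other libtiff tool. The checker only covers classic TIFF, single-IFD, strip-organised files; tiled or BigTIFF input is rejected or skipped rather than guessed at.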

References (8)

Vendor advisory (Ubuntu USN-3606-1): https://usn.ubuntu.com/3606-1/
Exploit, issue tracking (LibTIFF Bugzilla bug 2750): http://bugzilla.maptools.org/show_bug.cgi?id=2750
Exploit, third-party advisory (Exploit-DB 43322): https://www.exploit-db.com/exploits/43322/
Third-party advisory (Debian DSA-4349): https://www.debian.org/security/2018/dsa-4349
Third-party advisory, VDB entry (SecurityFocus BID 102124): http://www.securityfocus.com/bid/102124
Mailing list (debian-lts-announce, Nov 2019): https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
Third-party advisory (Gentoo GLSA 202003-25): https://security.gentoo.org/glsa/202003-25

Scores

CVSS v3: 8.8 (HIGH)
EPSS: 0.1064 (percentile 95.2%)
Attack vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
Status: published
Products (1): libtiff/libtiff 4.0.9
Published: Dec 02, 2017
Tracked since: Feb 18, 2026