CVE-2017-7601

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior (invalid shift exponent) in JPEGSetupEncode().
Group Package Affected Fixed Severity Status Ticket
AVG-817 lib32-libtiff 4.0.7-2 4.0.7-3 Medium Fixed
AVG-237 libtiff 4.0.7-2 4.0.7-3 Medium Fixed
Date Advisory Group Package Severity Description
28 Apr 2017 ASA-201704-10 AVG-237 libtiff Medium multiple issues
References
http://seclists.org/oss-sec/2017/q2/39
https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490