CVE-2017-5563
CVE Details
Visit the official vulnerability details page for CVE-2017-5563 to learn more.
Initial Publication
01/20/2025
Last Update
03/24/2025
Third Party Dependency
libtiff6
NIST CVE Summary
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
CVE Severity
Our Official Summary
This vulnerability is reported in the libtiff library in some of the third-party images. It requires crafted input and is low risk because the containers where it is reported are not accessible without privileged access. The impact of exploitation is also low, since the attack surface is restricted to containers and they do not allow execution of arbitrary code.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.6.13 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.12 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.8 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.7 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.6 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.5.21 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.5.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
03/24/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12, 4.6.13 |
03/18/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12 |
03/13/2025 | Status changed from Open to Ongoing |
03/13/2025 | Official summary added |
03/01/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8 |
02/21/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 |
02/17/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22 to 4.5.20, 4.5.21, 4.5.22, 4.6.6 |
02/14/2025 | Impacted versions changed from 4.5.20, 4.5.21 to 4.5.20, 4.5.21, 4.5.22 |
02/05/2025 | Impacted versions changed from 4.5.20 to 4.5.20, 4.5.21 |