What is the severity of CVE-2017-9937?

CVE-2017-9937 is classified as a denial of service vulnerability that can cause application crashes.

How do I fix CVE-2017-9937?

To fix CVE-2017-9937, update to versions of IBM Cognos Analytics above 12.0.3 or 11.2.4 FP4, or upgrade LibTIFF above 4.0.8.

What products are affected by CVE-2017-9937?

CVE-2017-9937 affects IBM Cognos Analytics versions 11.2.0 to 11.2.4 FP4 and 12.0.0 to 12.0.3, as well as LibTIFF version 4.0.8.

Can CVE-2017-9937 be exploited remotely?

Yes, CVE-2017-9937 can be exploited remotely if a victim opens a crafted TIFF document.

What is the impact of CVE-2017-9937?

The impact of CVE-2017-9937 is a denial of service, causing the application to abort.

Vulnerability/
CVE-2017-9937

medium

6.5

CWE

119

26/6/2017

17/12/2024

CVE-2017-9937: Buffer Overflow

First published: Mon Jun 26 2017(Updated: )

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
IBM Cognos Analytics	<=12.0.0-12.0.3
IBM Cognos Analytics	<=11.2.0-11.2.4 FP4
libtiff	<=4.0.8

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7177223

Frequently Asked Questions

What is the severity of CVE-2017-9937?
CVE-2017-9937 is classified as a denial of service vulnerability that can cause application crashes.
How do I fix CVE-2017-9937?
To fix CVE-2017-9937, update to versions of IBM Cognos Analytics above 12.0.3 or 11.2.4 FP4, or upgrade LibTIFF above 4.0.8.
What products are affected by CVE-2017-9937?
CVE-2017-9937 affects IBM Cognos Analytics versions 11.2.0 to 11.2.4 FP4 and 12.0.0 to 12.0.3, as well as LibTIFF version 4.0.8.
Can CVE-2017-9937 be exploited remotely?
Yes, CVE-2017-9937 can be exploited remotely if a victim opens a crafted TIFF document.
What is the impact of CVE-2017-9937?
The impact of CVE-2017-9937 is a denial of service, causing the application to abort.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/author
agent/event
agent/first-publish-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/last-modified-date
agent/references
agent/softwarecombine
agent/description
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/12.0.0-12.0.3
version/ibm cognos analytics/11.2.0-11.2.4 fp4
vendor/libtiff
canonical/libtiff
version/libtiff/4.0.8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.