CVE-2017-4935

Name: CVE-2017-4935
Creator: NVD / NIST
Published: 2017-11-17T14:29:00.577+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.39%

Last modified Jun 17, 2026

CVE-2017-4935 is a vulnerability of currently unknown severity. VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

Metrics

EPSS Probability

0.39%

31.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Vmware	Workstation	12.0.0
Vmware	Workstation	12.0.1
Vmware	Workstation	12.1
Vmware	Workstation	12.1.1
Vmware	Workstation	12.5
Vmware	Workstation	12.5.1
Vmware	Workstation	12.5.2
Vmware	Workstation	12.5.3
Vmware	Workstation	12.5.4
Vmware	Workstation	12.5.5
Vmware	Workstation	12.5.6
Vmware	Workstation	12.5.7
Vmware	Horizon View	4.0.0
Vmware	Horizon View	4.0.1
Vmware	Horizon View	4.1
Vmware	Horizon View	4.2
Vmware	Horizon View	4.3
Vmware	Horizon View	4.4
Vmware	Horizon View	4.5
Vmware	Horizon View	4.6

References

http://www.securityfocus.com/bid/101902Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039835Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039836Third Party Advisory, VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0018.htmlPatch, Vendor Advisory
http://www.securityfocus.com/bid/101902Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039835Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039836Third Party Advisory, VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0018.htmlPatch, Vendor Advisory

Timeline

Published: Nov 17, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-4935?

How severe is CVE-2017-4935?

Severity scoring for CVE-2017-4935 is pending analysis. The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.

How do I fix CVE-2017-4935?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-4935?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST