PT-2016-2788 · Libtiff+1 · Libtiff+1
Kaixiang Zhang
·
Publicado
2016-10-03
·
Atualizado
2019-04-10
·
CVE-2016-3631
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
LibTIFF versions 4.0.6 and earlier
Description
The issue allows an attacker to cause a denial of service, specifically an out-of-bounds read, via vectors related to the
bytecounts[] array variable. This is due to vulnerabilities in the (1) cpStrips and (2) cpTiles functions in the thumbnail tool.Recommendations
For LibTIFF versions 4.0.6 and earlier, consider disabling the
cpStrips and cpTiles functions in the thumbnail tool as a temporary workaround until a patch is available. Restrict access to the thumbnail tool to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.DoS
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Libtiff