PT-2016-3810 · Libtiff+4 · Libtiff+4

Hans Jerry Illikainen

·

Publicado

2016-01-08

·

Atualizado

2024-06-15

·

CVE-2015-7554

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libtiff version 4.0.6
Description The issue allows attackers to cause a denial of service, which may result in an invalid memory write and crash, or possibly have other unspecified impacts. This can be achieved through crafted field data in an extension tag in a TIFF image. The TIFFVGetField function in tif dir.c is the vulnerable component.
Recommendations For libtiff version 4.0.6, consider updating to a newer version that addresses this issue, as the current version allows for potential denial of service or other unspecified impacts through the TIFFVGetField function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254

Identificadores relacionados

CESA-2016_1546
CESA-2016_1547
CVE-2015-7554
DLA-692-1
DLA-693-1
MGASA-2016-0349
OPENSUSE-SU-2016_3035-1
OPENSUSE-SU-2018_0097-1
OPENSUSE-SU-2024:10554-1
RHSA-2016:1546
RHSA-2016:1547
RHSA-2016_1546
RHSA-2016_1547
SUSE-SU-2016:0160-1
SUSE-SU-2016:0353-1
SUSE-SU-2016_0160-1
SUSE-SU-2016_0353-1
SUSE-SU-2018:0073-1
SUSE-SU-2018:1179-1
SUSE-SU-2018:1835-1
SUSE-SU-2018_1179-1
USN-3212-1
USN-3212-2
USN-3212-3

Produtos afetados

Centos
Red Hat
Suse
Ubuntu
Libtiff