PT-2016-4049 · Libtiff+4 · Libtiff+4

Floyd

·

Publicado

2016-12-06

·

Atualizado

2019-04-10

·

CVE-2015-8870

CVSS v3.1

7.4

Alta

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions LibTIFF versions prior to 4.0.4
Description The issue allows remote attackers to cause a denial of service or possibly obtain sensitive information from process memory via crafted width and length values in RLE4 or RLE8 data in a BMP file. This is due to an integer overflow in tools/bmp2tiff.c.
Recommendations For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the processing of BMP files with RLE4 or RLE8 data to minimize the risk of exploitation.

Correção

DoS

RCE

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-190

Identificadores relacionados

ALT-PU-2019-1628
CESA-2017_0225
CVE-2015-8870
RHSA-2017:0225
RHSA-2017_0225
SUSE-SU-2018:3879-1
SUSE-SU-2018_3879-1

Produtos afetados

Alt Linux
Centos
Libtiff
Red Hat
Suse