PT-2016-5628 · None+5 · Libtiff+5

Andrej Nemec

Publicado

2016-08-02

Atualizado

2019-04-10

CVE-2016-3632

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.6 and earlier

Description The issue allows remote attackers to cause a denial of service or execute arbitrary code via a crafted TIFF image. This is due to an out-of-bounds write in the TIFFVGetField function in tif dirinfo.c.

Recommendations For LibTIFF version 4.0.6 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of the TIFFVGetField function in tif dirinfo.c until a patch is available.

Exploit

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2019-1628

CESA-2016_1546

CESA-2016_1547

CVE-2016-3632

DLA-693-1

MGASA-2016-0349

OPENSUSE-SU-2018_1834-1

RHSA-2016:1546

RHSA-2016:1547

RHSA-2016_1546

RHSA-2016_1547

SUSE-SU-2018:1826-1

SUSE-SU-2018:1835-1

SUSE-SU-2018_1826-1

USN-3212-1

USN-3212-2

USN-3212-3

Produtos afetados

Alt Linux

Centos

Libtiff

Red Hat

Suse

Ubuntu

PT-2016-5628 · None+5 · Libtiff+5

CVE-2016-3632

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 299