PT-2016-6362 · Libtiff+3 · Libtiff+3

Mathias Svensson

Publicado

2016-06-15

Atualizado

2024-06-15

CVE-2016-5314

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF versions 4.0.6 and earlier

Description The issue is related to a buffer overflow in the PixarLogDecode function, located in the tif pixarlog.c file. This buffer overflow can be triggered by a crafted TIFF image, potentially allowing remote attackers to cause a denial of service, such as an application crash. It may also have other unspecified impacts, including the possibility of overwriting function pointers, for example, the vgetparent function pointer with rgb2ycbcr.

Recommendations For LibTIFF versions 4.0.6 and earlier, update to a version later than 4.0.6 to resolve the issue.

Exploit

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2019-1628

CVE-2016-5314

DLA-606-1

DLA-610-1

DSA-3762-1

MGASA-2016-0349

OPENSUSE-SU-2024:10554-1

SUSE-SU-2016:2271-1

SUSE-SU-2016:2527-1

SUSE-SU-2018:1472-1

USN-3212-1

USN-3212-2

Produtos afetados

Alt Linux

Libtiff

Suse

Ubuntu

PT-2016-6362 · Libtiff+3 · Libtiff+3

CVE-2016-5314

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 174