PT-2016-7770 · None+4 · Libtiff+4

Axel Souchet +1 · Published 2016-11-22 · Updated 2018-05-09 · CVE-2016-9536

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libtiff version 4.0.6

Description: The issue is related to out-of-bounds write vulnerabilities in heap allocated buffers. Specifically, the t2p_process_jpeg_strip() function is affected. This could potentially lead to exploitation, although no specific details about the estimated number of affected devices or real-world incidents are provided.

Recommendations: For libtiff version 4.0.6, consider updating to a newer version that addresses the out-of-bounds write vulnerabilities in the t2p_process_jpeg_strip() function. As a temporary workaround, consider restricting access to the t2p_process_jpeg_strip() function until a patch is available.

Fix

Buffer Overflow

Memory Corruption


Weakness Enumeration

Related identifiers

CESA-2017_0225
CVE-2016-9536
DLA-795-1
DSA-3762-1
RHSA-2017:0225
RHSA-2017_0225
SUSE-SU-2018:1179-1
USN-3212-1
USN-3212-2
USN-3212-3

Affected products

CentOS
Red Hat
SUSE
Ubuntu
Libtiff