PT-2017-1214 · Libtiff+3 · Libtiff+3

Kaixiang Zhang

·

Publicado

2016-10-20

·

Atualizado

2024-06-15

·

CVE-2016-5323

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions libtiff versions prior to 4.0.6
Description The issue is related to the improper handling of data by the TIFFFax3fillruns function in the libtiff library. This can be exploited by remote attackers to cause a denial of service, resulting in a divide-by-zero error and application crash, via a crafted Tiff image.
Recommendations For versions prior to 4.0.6, update to version 4.0.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the TIFFFax3fillruns function until a patch is available.

Correção

DoS

Divide By Zero

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-369

Identificadores relacionados

ALT-PU-2019-1628
BDU:2017-00327
CVE-2016-5323
DLA-606-1
DLA-610-1
DSA-3762-1
MGASA-2016-0349
OPENSUSE-SU-2016_3035-1
OPENSUSE-SU-2024:10554-1
SUSE-SU-2016:3301-1
USN-3212-1
USN-3212-2

Produtos afetados

Alt Linux
Suse
Ubuntu
Libtiff