PT-2017-7838 · Libtiff+2 · Libtiff+2

Agostino Sarubbo

·

Publicado

2017-03-24

·

Atualizado

2024-06-15

·

CVE-2016-10268

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.7
Description The issue allows remote attackers to cause a denial of service, potentially leading to an integer underflow and heap-based buffer under-read, via a crafted TIFF image. This is related to a "READ of size 78490" in the tif unix.c file.
Recommendations For LibTIFF version 4.0.7, consider updating to a newer version that addresses this issue, as using a crafted TIFF image could lead to a denial of service or other unspecified impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Underflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-191

Identificadores relacionados

CVE-2016-10268
DLA-877-1
MGASA-2017-0199
OPENSUSE-SU-2017_1108-1
OPENSUSE-SU-2024:11461-1
SUSE-SU-2017:1044-1
SUSE-SU-2018:1179-1
USN-3602-1

Produtos afetados

Libtiff
Suse
Ubuntu