PT-2016-2788 · Libtiff+1 · Libtiff+1

Kaixiang Zhang

Published

2016-10-03

Updated

2019-04-10

CVE-2016-3631

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF versions 4.0.6 and earlier

Description The issue allows an attacker to cause a denial of service, specifically an out-of-bounds read, via vectors related to the bytecounts[] array variable. This is due to vulnerabilities in the (1) cpStrips and (2) cpTiles functions in the thumbnail tool.

Recommendations For LibTIFF versions 4.0.6 and earlier, consider disabling the cpStrips and cpTiles functions in the thumbnail tool as a temporary workaround until a patch is available. Restrict access to the thumbnail tool to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-1628

BDU:2016-02191

CVE-2016-3631

DLA-693-1

Affected Products

Alt Linux

Libtiff

PT-2016-2788 · Libtiff+1 · Libtiff+1

CVE-2016-3631

Weakness Enumeration

Related Identifiers

Affected Products

References · 108