PT-2016-3102 · Libtiff+3 · Libtiff+3

Andrej Nemec

Published

2016-06-15

Updated

2019-04-10

CVE-2016-5315

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libtiff versions 4.0.6 and earlier

Description The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. This is due to a buffer read out-of-bounds vulnerability in the setByteArray function in tif dir.c.

Recommendations For libtiff versions 4.0.6 and earlier, update to a version later than 4.0.6 to resolve the issue. As a temporary workaround, consider restricting the use of the setByteArray function in tif dir.c until a patch is available. Avoid using the setByteArray function with untrusted tiff images until the issue is resolved.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-1628

BDU:2017-00883

CVE-2016-5315

DLA-606-1

DLA-610-1

DSA-3762-1

MGASA-2016-0349

SUSE-SU-2018:1472-1

USN-3212-1

USN-3212-2

Affected Products

Alt Linux

Suse

Ubuntu

Libtiff

PT-2016-3102 · Libtiff+3 · Libtiff+3

CVE-2016-5315

Weakness Enumeration

Related Identifiers

Affected Products

References · 246