PT-2016-3810 · Libtiff+4 · Libtiff+4

Hans Jerry Illikainen

Published

2016-01-08

Updated

2024-06-15

CVE-2015-7554

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libtiff version 4.0.6

Description The issue allows attackers to cause a denial of service, which may result in an invalid memory write and crash, or possibly have other unspecified impacts. This can be achieved through crafted field data in an extension tag in a TIFF image. The TIFFVGetField function in tif dir.c is the vulnerable component.

Recommendations For libtiff version 4.0.6, consider updating to a newer version that addresses this issue, as the current version allows for potential denial of service or other unspecified impacts through the TIFFVGetField function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CESA-2016_1546

CESA-2016_1547

CVE-2015-7554

DLA-692-1

DLA-693-1

MGASA-2016-0349

OPENSUSE-SU-2016_3035-1

OPENSUSE-SU-2018_0097-1

OPENSUSE-SU-2024:10554-1

RHSA-2016:1546

RHSA-2016:1547

RHSA-2016_1546

RHSA-2016_1547

SUSE-SU-2016:0160-1

SUSE-SU-2016:0353-1

SUSE-SU-2016_0160-1

SUSE-SU-2016_0353-1

SUSE-SU-2018:0073-1

SUSE-SU-2018:1179-1

SUSE-SU-2018:1835-1

SUSE-SU-2018_1179-1

USN-3212-1

USN-3212-2

USN-3212-3

Affected Products

Centos

Red Hat

Suse

Ubuntu

Libtiff

PT-2016-3810 · Libtiff+4 · Libtiff+4

CVE-2015-7554

Weakness Enumeration

Related Identifiers

Affected Products

References · 354