CVE-2015-8668

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libtiff versions 4.0.6 and earlier

Description The issue is related to a heap-based buffer overflow in the PackBitsPreEncode function in tif packbits.c in bmp2tiff, which allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.

Recommendations For libtiff versions 4.0.6 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the processing of BMP images with large width fields to minimize the risk of exploitation.

Exploit

Fix

RCE

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CESA-2016_1546

CESA-2016_1547

CVE-2015-8668

DLA-693-1

MGASA-2016-0349

RHSA-2016:1546

RHSA-2016:1547

RHSA-2016_1546

RHSA-2016_1547

SUSE-SU-2018:2676-1

SUSE-SU-2018_2676-1

SUSE-SU-2024:0915-1

SUSE-SU-2024_0915-1

USN-3212-1

USN-3212-2

USN-3212-3

Affected Products

Centos

Red Hat

Suse

Ubuntu

Libtiff

CVE-2015-8668

Weakness Enumeration

Related Identifiers

Affected Products

References · 232