PT-2016-4577 · Libtiff+2 · Libtiff+2
Agostino Sarubbo
·
Published
2016-12-31
·
Updated
2021-03-05
·
CVE-2016-10093
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LibTIFF versions 3.9.3 through 3.9.7, 4.0.0alpha4 through 4.0.0alpha6, 4.0.0beta7, 4.0.0 through 4.0.6
Description
The issue is related to an integer overflow in the tools/tiffcp.c file in LibTIFF, which allows remote attackers to have an unspecified impact via a crafted image. This triggers a heap-based buffer overflow.
Recommendations
For LibTIFF versions 3.9.3 through 3.9.7, update to a version that fixes the integer overflow issue in tools/tiffcp.c.
For LibTIFF versions 4.0.0alpha4 through 4.0.0alpha6, update to a version that fixes the integer overflow issue in tools/tiffcp.c.
For LibTIFF versions 4.0.0beta7, 4.0.0 through 4.0.6, update to a version that fixes the integer overflow issue in tools/tiffcp.c.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Libtiff
Suse
Ubuntu