PT-2016-5628 · None+5 · Libtiff+5

Andrej Nemec

Published

2016-08-02

Updated

2019-04-10

CVE-2016-3632

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.6 and earlier

Description The issue allows remote attackers to cause a denial of service or execute arbitrary code via a crafted TIFF image. This is due to an out-of-bounds write in the TIFFVGetField function in tif dirinfo.c.

Recommendations For LibTIFF version 4.0.6 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of the TIFFVGetField function in tif dirinfo.c until a patch is available.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-1628

CESA-2016_1546

CESA-2016_1547

CVE-2016-3632

DLA-693-1

MGASA-2016-0349

OPENSUSE-SU-2018_1834-1

RHSA-2016:1546

RHSA-2016:1547

RHSA-2016_1546

RHSA-2016_1547

SUSE-SU-2018:1826-1

SUSE-SU-2018:1835-1

SUSE-SU-2018_1826-1

USN-3212-1

USN-3212-2

USN-3212-3

Affected Products

Alt Linux

Centos

Libtiff

Red Hat

Suse

Ubuntu

PT-2016-5628 · None+5 · Libtiff+5

CVE-2016-3632

Weakness Enumeration

Related Identifiers

Affected Products

References · 299