PT-2016-5797 · Libtiff+5
Andrej Nemec · Published 2016-08-02 · Updated 2024-06-15
CVE-2016-3990
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LibTIFF version 4.0.6 and earlier
Description
The issue is a heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c. Remote attackers can trigger it with a crafted TIFF image to cause a denial of service (crash) or potentially execute arbitrary code.
Recommendations
For LibTIFF version 4.0.6 and earlier, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the processing of TIFF images from untrusted sources to minimize the risk of exploitation.
Fix
DoS
Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Alt Linux
Centos
Libtiff
Red Hat
Suse
Ubuntu