PT-2016-6362 · Libtiff+3 · Libtiff+3

Mathias Svensson

Published

2016-06-15

Updated

2024-06-15

CVE-2016-5314

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF versions 4.0.6 and earlier

Description The issue is related to a buffer overflow in the PixarLogDecode function, located in the tif pixarlog.c file. This buffer overflow can be triggered by a crafted TIFF image, potentially allowing remote attackers to cause a denial of service, such as an application crash. It may also have other unspecified impacts, including the possibility of overwriting function pointers, for example, the vgetparent function pointer with rgb2ycbcr.

Recommendations For LibTIFF versions 4.0.6 and earlier, update to a version later than 4.0.6 to resolve the issue.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-1628

CVE-2016-5314

DLA-606-1

DLA-610-1

DSA-3762-1

MGASA-2016-0349

OPENSUSE-SU-2024:10554-1

SUSE-SU-2016:2271-1

SUSE-SU-2016:2527-1

SUSE-SU-2018:1472-1

USN-3212-1

USN-3212-2

Affected Products

Alt Linux

Libtiff

Suse

Ubuntu

PT-2016-6362 · Libtiff+3 · Libtiff+3

CVE-2016-5314

Weakness Enumeration

Related Identifiers

Affected Products

References · 174