PT-2016-7770 · None+4 · Libtiff+4

Axel Souchet

Published

2016-11-22

Updated

2018-05-09

CVE-2016-9536

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libtiff version 4.0.6

Description The issue is related to out-of-bounds write vulnerabilities in heap allocated buffers. Specifically, the t2p process jpeg strip() function is affected. This could potentially lead to exploitation, although no specific details about the estimated number of affected devices or real-world incidents are provided.

Recommendations For libtiff version 4.0.6, consider updating to a newer version that addresses the out-of-bounds write vulnerabilities in the t2p process jpeg strip() function. As a temporary workaround, consider restricting access to the t2p process jpeg strip() function until a patch is available.

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

CESA-2017_0225

CVE-2016-9536

DLA-795-1

DSA-3762-1

RHSA-2017:0225

RHSA-2017_0225

SUSE-SU-2018:1179-1

USN-3212-1

USN-3212-2

USN-3212-3

Affected Products

Centos

Red Hat

Suse

Ubuntu

Libtiff

PT-2016-7770 · None+4 · Libtiff+4

CVE-2016-9536

Weakness Enumeration

Related Identifiers

Affected Products

References · 84