PT-2017-7838 · Libtiff+2 · Libtiff+2

Agostino Sarubbo

·

Published

2017-03-24

·

Updated

2024-06-15

·

CVE-2016-10268

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.7
Description The issue allows remote attackers to cause a denial of service, potentially leading to an integer underflow and heap-based buffer under-read, via a crafted TIFF image. This is related to a "READ of size 78490" in the tif unix.c file.
Recommendations For LibTIFF version 4.0.7, consider updating to a newer version that addresses this issue, as using a crafted TIFF image could lead to a denial of service or other unspecified impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

CVE-2016-10268
DLA-877-1
MGASA-2017-0199
OPENSUSE-SU-2017_1108-1
OPENSUSE-SU-2024:11461-1
SUSE-SU-2017:1044-1
SUSE-SU-2018:1179-1
USN-3602-1

Affected Products

Libtiff
Suse
Ubuntu