PT-2017-7840 · Libtiff+1

Agostino Sarubbo · Published 2017-03-24 · Updated 2024-06-15 · CVE-2016-10270

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LibTIFF version 4.0.7

Description

The issue allows remote attackers to cause a denial of service, specifically a heap-based buffer over-read, or possibly have other unspecified impacts through a crafted TIFF image. This is related to a "READ of size 8" in the libtiff/tif_read.c file at line 523.

Recommendations

For LibTIFF version 4.0.7, update to a version that fixes the heap-based buffer over-read issue in the tif_read.c file to prevent denial of service or other potential impacts.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2016-10270
DSA-3844-1
MGASA-2017-0199
OPENSUSE-SU-2017_1108-1
OPENSUSE-SU-2024:11461-1
SUSE-SU-2017:1044-1
SUSE-SU-2018:1472-1

Affected Products

Libtiff
Suse