tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97202 | |
https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ | Patch Third Party Advisory VDB Entry |
https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df | Issue Tracking Patch Third Party Advisory |
https://security.gentoo.org/glsa/201709-27 | |
https://usn.ubuntu.com/3602-1/ |
Configurations
History
No history.
Information
Published : 2017-03-24 19:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-10268
Mitre link : CVE-2016-10268
CVE.ORG link : CVE-2016-10268
JSON object : View
Products Affected
libtiff
- libtiff
CWE
CWE-191
Integer Underflow (Wrap or Wraparound)