ID CVE-2016-9540
Summary tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
References
Vulnerable Configurations
  • cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1402778
title CVE-2015-8870 libtiff: Integer overflow in tools/bmp2tiff.c
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment libtiff is earlier than 0:3.9.4-21.el6_8
          oval oval:com.redhat.rhsa:tst:20170225007
        • comment libtiff is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318011
      • AND
        • comment libtiff-devel is earlier than 0:3.9.4-21.el6_8
          oval oval:com.redhat.rhsa:tst:20170225009
        • comment libtiff-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318015
      • AND
        • comment libtiff-static is earlier than 0:3.9.4-21.el6_8
          oval oval:com.redhat.rhsa:tst:20170225005
        • comment libtiff-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318013
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment libtiff is earlier than 0:4.0.3-27.el7_3
          oval oval:com.redhat.rhsa:tst:20170225015
        • comment libtiff is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318011
      • AND
        • comment libtiff-devel is earlier than 0:4.0.3-27.el7_3
          oval oval:com.redhat.rhsa:tst:20170225016
        • comment libtiff-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318015
      • AND
        • comment libtiff-static is earlier than 0:4.0.3-27.el7_3
          oval oval:com.redhat.rhsa:tst:20170225019
        • comment libtiff-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318013
      • AND
        • comment libtiff-tools is earlier than 0:4.0.3-27.el7_3
          oval oval:com.redhat.rhsa:tst:20170225017
        • comment libtiff-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20161546006
rhsa
id RHSA-2017:0225
released 2017-02-01
severity Moderate
title RHSA-2017:0225: libtiff security update (Moderate)
rpms
  • libtiff-0:3.9.4-21.el6_8
  • libtiff-devel-0:3.9.4-21.el6_8
  • libtiff-static-0:3.9.4-21.el6_8
  • libtiff-0:4.0.3-27.el7_3
  • libtiff-devel-0:4.0.3-27.el7_3
  • libtiff-static-0:4.0.3-27.el7_3
  • libtiff-tools-0:4.0.3-27.el7_3
refmap via4
bid
  • 94484
  • 94747
confirm https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
debian DSA-3762
Last major update 05-01-2018 - 02:31
Published 22-11-2016 - 19:59