Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K35155453
HistoryNov 08, 2016 - 12:00 a.m.

K35155453 : Multiple LibTIFF vulnerabilities

2016-11-0800:00:00
my.f5.com
19

AI Score

7.8

Confidence

High

EPSS

0.057

Percentile

93.5%

JSON

Security Advisory Description

The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.

tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.

Impact

An attacker can use specially-crafted TIFF files to execute arbitrary code with the limited privileges of the image optimization process.

Related

f5 1
nessus 48
debian 8
openvas 36
cloudfoundry 1
ubuntu 3
amazon 3
securityvulns 3
mageia 3
redhat 2
oraclelinux 2
ibm 3
osv 7
centos 2
ubuntucve 12
debiancve 9
prion 9
cve 9
nvd 9
cvelist 9
veracode 9
freebsd 2
alpinelinux 1
fedora 4
altlinux 1
slackware 1
suse 1
gentoo 1
f5
f5
SOL35155453 - Multiple LibTIFF vulnerabilities
2016-11-08 00:00:00
nessus
nessus
F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K35155453)
2016-11-09 00:00:00
Debian DSA-3467-1 : tiff - security update
2016-02-08 00:00:00
Ubuntu 14.04 LTS : LibTIFF vulnerabilities (USN-2939-1)
2016-03-24 00:00:00
debian
debian
[SECURITY] [DSA 3467-1] tiff security update
2016-02-06 07:39:28
[SECURITY] [DSA 3467-1] tiff security update
2016-02-06 07:39:28
[SECURITY] [DLA 405-1] tiff security update
2016-01-30 13:24:07
openvas
openvas
Debian: Security Advisory (DSA-3467-1)
2016-02-05 00:00:00
Ubuntu: Security Advisory (USN-2939-1)
2016-03-24 00:00:00
Debian Security Advisory DSA 3467-1 (tiff - security update)
2016-02-06 00:00:00
cloudfoundry
cloudfoundry
USN-2939-1 LibTIFF vulnerabilities | Cloud Foundry
2016-03-24 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2016-03-23 00:00:00
LibTIFF vulnerabilities
2015-03-31 00:00:00
LibTIFF regression
2015-04-01 00:00:00
amazon
amazon
Important: compat-libtiff3
2016-08-17 13:30:00
Important: libtiff
2016-08-17 13:30:00
Medium: libtiff
2015-06-22 15:07:00
securityvulns
securityvulns
[USN-2553-1] LibTIFF vulnerabilities
2015-04-09 00:00:00
[ MDVSA-2015:147-1 ] libtiff
2015-04-13 00:00:00
LibTIFF multiple security vulnerabilities
2015-04-13 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerabilities
2015-03-23 00:42:09
Updated libtiff package fixes security vulnerabilities
2016-01-14 04:44:39
Updated libtiff packages fix security vulnerability
2016-11-02 11:43:33
redhat
redhat
(RHSA-2016:1547) Important: libtiff security update
2016-08-02 14:27:54
(RHSA-2016:1546) Important: libtiff security update
2016-08-02 14:26:49
oraclelinux
oraclelinux
libtiff security update
2016-08-02 00:00:00
libtiff security update
2016-08-02 00:00:00
ibm
ibm
Security Bulletin: Libtiff vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in tiff affect IBM Flex System Manager(FSM)
2018-06-18 01:32:21
Security Bulletin: Multiple vulnerabilities in libtiff affect PowerKVM
2018-06-18 01:33:05
osv
osv
tiff - security update
2016-01-30 00:00:00
tiff - security update
2016-01-26 00:00:00
tiff - security update
2015-05-25 00:00:00
centos
centos
libtiff security update
2016-08-02 15:06:00
libtiff security update
2016-08-02 21:57:58
ubuntucve
ubuntucve
CVE-2015-8683
2015-12-31 00:00:00
CVE-2015-8781
2016-02-01 00:00:00
CVE-2015-8783
2016-02-01 00:00:00
debiancve
debiancve
CVE-2015-8782
2016-02-01 21:59:02
CVE-2015-8781
2016-02-01 21:59:01
CVE-2015-8665
2016-04-13 17:59:04
prion
prion
Out-of-bounds
2016-02-01 21:59:00
Out-of-bounds
2016-02-01 21:59:00
Code injection
2016-04-13 17:59:00
cve
cve
CVE-2015-8781
2016-02-01 21:59:01
CVE-2015-8782
2016-02-01 21:59:02
CVE-2015-8665
2016-04-13 17:59:04
nvd
nvd
CVE-2015-8782
2016-02-01 21:59:02
CVE-2015-8781
2016-02-01 21:59:01
CVE-2015-8665
2016-04-13 17:59:04
cvelist
cvelist
CVE-2015-8781
2016-02-01 21:00:00
CVE-2015-8782
2016-02-01 21:00:00
CVE-2015-8665
2016-04-13 17:00:00
veracode
veracode
Denial Of Service (DoS)
2018-08-01 06:37:08
Denial Of Service (DoS)
2019-05-02 05:45:56
Denial Of Service (DoS)
2018-08-01 03:55:07
freebsd
freebsd
tiff -- out-of-bounds read in tif_getimage.c
2015-12-24 00:00:00
tiff -- out-of-bounds read in CIE Lab image format
2015-12-25 00:00:00
alpinelinux
alpinelinux
CVE-2014-8127
2017-06-26 15:29:00
fedora
fedora
[SECURITY] Fedora 22 Update: mingw-libtiff-4.0.3-6.fc22
2015-05-01 16:38:10
[SECURITY] Fedora 21 Update: mingw-libtiff-4.0.3-6.fc21
2015-05-04 15:24:27
[SECURITY] Fedora 22 Update: libtiff-4.0.3-20.fc22
2015-06-02 15:14:07
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.0.10.0.57.f9fc01c3-alt1
2019-04-09 00:00:00
slackware
slackware
[slackware-security] libtiff
2017-04-08 20:11:36
suse
suse
Security update for tiff (important)
2016-12-07 15:08:51
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2017-01-09 00:00:00

AI Score

7.8

Confidence

High

EPSS

0.057

Percentile

93.5%

JSON
Related for F5:K35155453
f51nessus48debian8openvas36cloudfoundry1ubuntu3amazon3securityvulns3mageia3redhat2oraclelinux2ibm3osv7centos2ubuntucve12debiancve9prion9cve9nvd9cvelist9veracode9freebsd2alpinelinux1fedora4altlinux1slackware1suse1gentoo1