Lucene search
Veracode Vulnerability DatabaseVERACODE:6100HistoryApr 12, 2018 - 5:43 a.m.
Denial Of Service (DoS) Through Stack Buffer Overflow
2018-04-1205:43:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.007 Low
EPSS
Percentile
81.0%
libtiff.so is vulnerable to denial of service (DoS) through stack-based buffer overflow. The vulnerability exists in the TIFFGetField function where a stack-based buffer overflow can occur, when parsing a tiff file, depending on whether a codec was enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libtiff.so | le | 3.9.7 | |
| libtiff | le | 4.0.6.2 |
References
bugzilla.maptools.org/show_bug.cgi?id=2625
seclists.org/oss-sec/2017/q1/6
www.debian.org/security/2017/dsa-3903
www.openwall.com/lists/oss-security/2017/01/01/11
www.openwall.com/lists/oss-security/2017/01/01/7
www.securityfocus.com/bid/95178
blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/
bugzilla.suse.com/show_bug.cgi?id=1017690
github.com/vadz/libtiff/commit/6281927e03aed3fdaac4c25e1cd1a5ff7232bcd8
Related
cve
cve
CVE-2016-10095
2017-03-01 15:59:00
prion
prion
Stack overflow
2017-03-01 15:59:00
nvd
nvd
CVE-2016-10095
2017-03-01 15:59:00
cvelist
cvelist
CVE-2016-10095
2017-03-01 15:00:00
osv
osv
CVE-2016-10095
2017-03-01 15:59:00
tiff - security update
2017-06-13 00:00:00
tiff3 - security update
2017-06-13 00:00:00
debiancve
debiancve
CVE-2016-10095
2017-03-01 15:59:00
archlinux
archlinux
[ASA-201707-17] libtiff: arbitrary code execution
2017-07-18 00:00:00
[ASA-201707-18] lib32-libtiff: arbitrary code execution
2017-07-18 00:00:00
redhatcve
redhatcve
CVE-2016-10095
2017-01-04 11:48:00
ubuntucve
ubuntucve
CVE-2016-10095
2017-03-01 00:00:00
nessus
nessus
Slackware 14.2 / current : libtiff (SSA:2017-324-01)
2017-11-21 00:00:00
Debian DLA-983-1 : tiff3 security update
2017-06-14 00:00:00
Debian DLA-984-1 : tiff security update
2017-06-14 00:00:00
slackware
slackware
[slackware-security] libtiff
2017-11-21 06:05:39
openvas
openvas
Slackware: Security Advisory (SSA:2017-324-01)
2022-04-21 00:00:00
Debian: Security Advisory (DLA-984-1)
2018-01-28 00:00:00
Debian: Security Advisory (DLA-983-1)
2018-01-28 00:00:00
debian
debian
[SECURITY] [DLA 984-1] tiff security update
2017-06-13 14:40:23
[SECURITY] [DLA 983-1] tiff3 security update
2017-06-13 14:40:15
[SECURITY] [DSA 3903-1] tiff security update
2017-07-05 20:57:22
suse
suse
Security update for tiff (important)
2018-01-12 15:08:49
Security update for tiff (important)
2018-01-15 15:15:26
mageia
mageia
Updated libtiff packages fix security vulnerability
2017-07-01 10:04:05
