Lucene search

Veracode Vulnerability DatabaseVERACODE:6106

HistoryApr 12, 2018 - 4:28 p.m.

Denial Of Service (DoS) Through Buffer Overflow

2018-04-1216:28:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

73.4%

JSON

libtiff.so is vulnerable to denial of service (DoS) through buffer overflow. The application does not properly increment the output buffer in the readContigStripsIntoBuffer function in the tools/tiffcrop.c file, allowing a malicious user to cause a buffer overwrite.

CPENameOperatorVersion
libtiff.sole3.9.7
libtiffle4.0.6.2

CPE	Name	Operator	Version
	libtiff.so	le	3.9.7
	libtiff	le	4.0.6.2

References

bugzilla.maptools.org/show_bug.cgi?id=2610

www.debian.org/security/2017/dsa-3762

www.openwall.com/lists/oss-security/2017/01/01/10

www.openwall.com/lists/oss-security/2017/01/01/12

www.securityfocus.com/bid/95215

blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/

bugzilla.suse.com/show_bug.cgi?id=1017693

github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10093

github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec

github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a

0.004 Low

EPSS

Percentile

73.4%

JSON

Related for VERACODE:6106