|
|
Log in / Subscribe / Register

tiff: multiple vulnerabilities

Package(s):tiff CVE #(s):CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3631 CVE-2016-3633 CVE-2016-3634 CVE-2016-5102 CVE-2016-5318 CVE-2016-5319 CVE-2016-5652 CVE-2016-8331 CVE-2016-3624
Created:November 2, 2016 Updated:February 1, 2017
Description: From the CVE entries:

The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. (CVE-2016-3619)

The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. (CVE-2016-3620)

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. (CVE-2016-3621)

The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. (CVE-2016-3631)

The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. (CVE-2016-3633)

The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. (CVE-2016-3634)

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. (CVE-2016-8331)

The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. (CVE-2016-3624)

CVE-2016-5102, CVE-2016-5318, CVE-2016-5319, and CVE-2016-5652 are unspecified.

Alerts:
Debian-LTS DLA-692-1 tiff3 2016-11-02
Debian-LTS DLA-693-1 tiff 2016-11-02
Scientific Linux SLSA-2017:0225-1 libtiff 2017-02-02
Oracle ELSA-2017-0225 libtiff 2017-02-01
Oracle ELSA-2017-0225 libtiff 2017-02-01
CentOS CESA-2017:0225 libtiff 2017-02-01
CentOS CESA-2017:0225 libtiff 2017-02-01
Red Hat RHSA-2017:0225-01 libtiff 2017-02-01
Debian-LTS DLA-795-1 tiff 2017-01-23
Debian DSA-3762-1 tiff 2017-01-13
Gentoo 201701-16 tiff 2017-01-09
openSUSE openSUSE-SU-2017:0074-1 tiff 2017-01-08
openSUSE openSUSE-SU-2016:3035-1 tiff 2016-12-07
Arch Linux ASA-201611-26 libtiff 2016-11-25
Arch Linux ASA-201611-27 lib32-libtiff 2016-11-25
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds