CVE-2015-1547 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

4.5%

top 10.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff Debian Linux

Timeline

PublishedApr 13

Latest updateMay 14

Description

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.6

▶debiandebian/tiff< tiff 4.0.3-12.1 (bookworm)

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-63xc-994f-r5qr: The NeXTDecode function in tif_next↗2022-05-14

▶

OSV

CVE-2015-1547: The NeXTDecode function in tif_next↗2016-04-13

▶

📋Vendor Advisories

Debian

CVE-2015-1547: tiff - The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to caus...↗2015

▶

Red Hat

libtiff: use of uninitialized memory in NeXTDecode↗2014-12-29

▶

💬Community

Bugzilla

CVE-2016-4953 ntp: bad authentication demobilizes ephemeral associations↗2016-05-30

▶

Bugzilla

CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()↗2016-01-25

▶

Bugzilla

CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c↗2015-12-28

▶

Bugzilla

CVE-2015-8668 libtiff: OOB read in bmp2tiff↗2015-12-28

▶

Bugzilla

CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files↗2015-12-28

▶