CVE-2015-8665
published 2016-04-13
CVE-2015-8665: tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Priority: P4 · 21 · medium · 5.5 CVSS 3.0
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 2.86% (85.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.0.6-1 (bookworm) | tiff 4.0.6-1 (bookworm) |
| libtiff | libtiff | — | — |
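CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |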
GHSA
GHSA-487c-w7vm-2hxw: tif_getimage
ghsa_unreviewed·2022-05-14
CVE-2015-8665 [MEDIUM] CWE-119 GHSA-487c-w7vm-2hxw: tif_getimage
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
OSV
CVE-2015-8665: tif_getimage
osv·2016-04-13·CVSS 5.5
CVE-2015-8665 [MEDIUM] CVE-2015-8665: tif_getimage
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2016-03-23
CVE-2015-8665 LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtiff: Out-of-bounds read in tif_getimage.c
vendor_redhat·2015-12-24·CVSS 5.5
CVE-2015-8665 [MEDIUM] CWE-125 libtiff: Out-of-bounds read in tif_getimage.c
libtiff: Out-of-bounds read in tif_getimage.c
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Package: libtiff (Red Hat Enterprise Linux 5) - Affected
Debian
CVE-2015-8665: tiff - tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of ser...
vendor_debian·2015·CVSS 5.5
CVE-2015-8665 [MEDIUM] CVE-2015-8665: tiff - tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of ser...
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
trixie: resolved (fixed in 4.0.6-1)
No detection rules found.
No public exploits indexed.
http://rhn.redhat.com/errata/RHSA-2016-1546.html
http://rhn.redhat.com/errata/RHSA-2016-1547.html
http://www.debian.org/security/2016/dsa-3467
http://www.openwall.com/lists/oss-security/2015/12/24/2
http://www.openwall.com/lists/oss-security/2015/12/24/4
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/79728
http://www.securitytracker.com/id/1035508
http://www.ubuntu.com/usn/USN-2939-1
https://security.gentoo.org/glsa/201701-16
Published: 2016-04-13