CVE-2015-8782Out-of-bounds Write in Libtiff

CWE-787Out-of-bounds Write13 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
1.6%
top 18.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LibtiffDebian TiffDebian Linux
Timeline
PublishedFeb 1
Latest updateMay 13

Description

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDlibtiff/libtiff< 4.0.7
debiandebian/tiff< tiff 4.0.6-1 (bookworm)

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

4
GHSA
GHSA-hx92-9cmr-5f3c: tif_luv2022-05-13
GHSA
GHSA-8c4j-q3jf-x983: tif_luv2022-05-13
OSV
CVE-2015-8782: tif_luv2016-02-01
OSV
CVE-2015-8781: tif_luv2016-02-01

📋Vendor Advisories

5
Ubuntu
LibTIFF vulnerabilities2016-03-23
Red Hat
libtiff: invalid assertion2016-01-24
Red Hat
libtiff: invalid assertion2016-01-24
Debian
CVE-2015-8782: tiff - tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bound...2015
Debian
CVE-2015-8781: tiff - tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bound...2015

💬Community

2
Bugzilla
CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion2016-01-25
Bugzilla
CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: out-of-bounds writes for invalid images [fedora-all]2016-01-25