CVE-2016-10266Divide By Zero in Tiff

CWE-369Divide By Zero11 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.6%
top 31.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian TiffLibtiff
Timeline
PublishedMar 24
Latest updateMay 14

Description

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDlibtiff/libtiff4.0.7
debiandebian/tiff< tiff 4.0.7-2 (bookworm)

Patches

Patch: blogs.gentoo.orgPatch: github.comPatch: blogs.gentoo.org

🔴Vulnerability Details

2
GHSA
GHSA-qfm8-gx7g-79mv: LibTIFF 42022-05-14
OSV
CVE-2016-10266: LibTIFF 42017-03-24

📋Vendor Advisories

3
Ubuntu
LibTIFF vulnerabilities2018-03-20
Red Hat
libtiff: Divide-by-zero in tif_read.c2016-12-02
Debian
CVE-2016-10266: tiff - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-ze...2016

💬Community

5
Bugzilla
CVE-2016-10266 libtiff: Divide-by-zero in tif_read.c2017-04-03
Bugzilla
mingw-libtiff: various flaws [epel-7]2017-04-03
Bugzilla
libtiff: Divide-by-zero in tif_read.c and tiffiop.h2017-04-03
Bugzilla
mingw-libtiff: various flaws [fedora-all]2017-04-03
Bugzilla
CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 libtiff: various flaws [fedora-all]2017-04-03