CVE-2016-10269 — Out-of-bounds Read in Tiff

CWE-125 — Out-of-bounds Read CWE-122 — Heap-based Buffer Overflow10 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 42.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedMar 24

Latest updateMay 13

Description

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.7

▶debiandebian/tiff< tiff 4.0.7-2 (bookworm)

Patches

Patch: blogs.gentoo.org ↗Patch: github.com ↗Patch: blogs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-2rwx-xp6r-mhqf: LibTIFF 4↗2022-05-13

▶

OSV

CVE-2016-10269: LibTIFF 4↗2017-03-24

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2018-03-20

▶

Red Hat

libtiff: Heap-based buffer overflow in tiff_unix.c↗2016-12-03

▶

Debian

CVE-2016-10269: tiff - LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, ...↗2016

▶

💬Community

Bugzilla

mingw-libtiff: various flaws [epel-7]↗2017-04-03

▶

Bugzilla

CVE-2016-10269 libtiff: Heap-based buffer overflow in tiff_unix.c↗2017-04-03

▶

Bugzilla

mingw-libtiff: various flaws [fedora-all]↗2017-04-03

▶

Bugzilla

CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 libtiff: various flaws [fedora-all]↗2017-04-03

▶