CVE-2016-3619
published 2016-10-03CVE-2016-3619: The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to…
PriorityP424medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
EPSS
0.95%
76.8th percentile
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | macos_sierra_10.12.4_security_update_2017-001_el_capitan_and_security_update_201 | — | — |
| apple | tvos | — | — |
| apple | watchos | — | — |
| debian | tiff | < tiff 4.0.6-3 (bookworm) | tiff 4.0.6-3 (bookworm) |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv6.5MEDIUM
vendor_debian6.5LOW
vendor_redhat6.5MEDIUM
Apple
CVE-2016-3619: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
vendor_apple·2017-03-27·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Product: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
CVE: CVE-2016-3619
Component: CVE-2016-3619
Apple
CVE-2016-3619: iOS 10.3
vendor_apple·2017-03-27·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2016-3619
Component: CVE-2016-3619
Impact: An attacker in a privileged network position may be able to tamper with iTunes network traffic
Description: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.
Apple
CVE-2016-3619: watchOS 3.2
vendor_apple·2017-03-27·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619: watchOS 3.2
Apple Security Update: About the security content of watchOS 3.2
Product: watchOS
Version: 3.2
CVE: CVE-2016-3619
Component: CVE-2016-3619
Apple
CVE-2017-2412: iOS 10.3
vendor_apple·2017-03-27·CVSS 6.5
CVE-2017-2412 [MEDIUM] CVE-2017-2412: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2412
Component: CVE-2016-3619
Impact: An attacker in a privileged network position may be able to tamper with iTunes network traffic
Description: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.
Apple
CVE-2016-3619: tvOS 10.2
vendor_apple·2017-03-27·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619: tvOS 10.2
Apple Security Update: About the security content of tvOS 10.2
Product: tvOS
Version: 10.2
CVE: CVE-2016-3619
Component: CVE-2016-3619
Red Hat
libtiff: bmp2tiff DumpModeEncode OOB read
vendor_redhat·2016-04-07·CVSS 6.5
CVE-2016-3619 [MEDIUM] CWE-119 libtiff: bmp2tiff DumpModeEncode OOB read
libtiff: bmp2tiff DumpModeEncode OOB read
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Statement: This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 6 and 7. This issue did not affect the versions of compat-libtiff3 as shipped with Red Hat Enterprise Linux 7, as they did not include the bmp2tiff tool.
Package: libtiff (Red Hat Enterprise Linux 5) - Not affected
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Package: compat-libtiff3 (Red Hat Enterprise Linux 7) - Not affected
Package: libtiff (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-3619: tiff - The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4....
vendor_debian·2016·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619: tiff - The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4....
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)
GHSA
GHSA-qwfp-646h-7pm7: The DumpModeEncode function in tif_dumpmode
ghsa_unreviewed·2022-05-17
CVE-2016-3619 [MEDIUM] CWE-125 GHSA-qwfp-646h-7pm7: The DumpModeEncode function in tif_dumpmode
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
OSV
CVE-2016-3619: The DumpModeEncode function in tif_dumpmode
osv·2016-10-03·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619: The DumpModeEncode function in tif_dumpmode
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 libtiff: various flaws [fedora-all]
bugzilla·2016-04-07·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 libtiff: various flaws [fedora-all]
CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 libtiff: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supporte
Bugzilla
CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 mingw-libtiff: various flaws [fedora-all]
bugzilla·2016-04-07·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 mingw-libtiff: various flaws [fedora-all]
CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 mingw-libtiff: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple su
Bugzilla
CVE-2016-3619 libtiff: bmp2tiff DumpModeEncode OOB read
bugzilla·2016-03-10·CVSS 6.5
CVE-2016-3619 [MEDIUM] CVE-2016-3619 libtiff: bmp2tiff DumpModeEncode OOB read
CVE-2016-3619 libtiff: bmp2tiff DumpModeEncode OOB read
It was reported that an out-of-bounds memory read could be triggered by processing a specially crafted BMP file using the bmp2tiff tool.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2567
Discussion:
Acknowledgments:
Name: Mei Wang (Qihoo 360)
---
Created attachment 1135189
Crash report
---
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1324816]
---
Created mingw-libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1324817]
---
Public via:
http://seclists.org/oss-sec/2016/q2/20
---
Statement:
This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 6 and 7. This issue did not affect the versions of compat-libtiff3 as shipped with Red Hat
http://bugzilla.maptools.org/show_bug.cgi?id=2567http://www.openwall.com/lists/oss-security/2016/04/07/1http://www.securityfocus.com/bid/85919http://www.securitytracker.com/id/1035508https://security.gentoo.org/glsa/201701-16http://bugzilla.maptools.org/show_bug.cgi?id=2567http://www.openwall.com/lists/oss-security/2016/04/07/1http://www.securityfocus.com/bid/85919http://www.securitytracker.com/id/1035508https://security.gentoo.org/glsa/201701-16
2016-10-03
Published