CVE-2016-3619 — Out-of-bounds Read in Libtiff

CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 23.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Apple IOS Apple Macos Sierra 10.12.4 Security Update 2017-001 EL Capitan AND Security Update 201 +3 more

Timeline

PublishedOct 3

Latest updateMay 17

Description

The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDlibtiff/libtiff4.0.6

▶debiandebian/tiff< tiff 4.0.6-3 (bookworm)

▶Appleapple/ios10.3

▶Appleapple/tvos10.2

▶Appleapple/watchos3.2

🔴Vulnerability Details

GHSA

GHSA-qwfp-646h-7pm7: The DumpModeEncode function in tif_dumpmode↗2022-05-17

▶

OSV

CVE-2016-3619: The DumpModeEncode function in tif_dumpmode↗2016-10-03

▶

📋Vendor Advisories

Apple

CVE-2016-3619: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite↗2017-03-27

▶

Apple

CVE-2016-3619: iOS 10.3↗2017-03-27

▶

Apple

CVE-2016-3619: watchOS 3.2↗2017-03-27

▶

Apple

CVE-2017-2412: iOS 10.3↗2017-03-27

▶

Apple

CVE-2016-3619: tvOS 10.2↗2017-03-27

▶

💬Community

Bugzilla

CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 libtiff: various flaws [fedora-all]↗2016-04-07

▶

Bugzilla

CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 mingw-libtiff: various flaws [fedora-all]↗2016-04-07

▶

Bugzilla

CVE-2016-3619 libtiff: bmp2tiff DumpModeEncode OOB read↗2016-03-10

▶