CVE-2016-3622 — Divide By Zero in Tiff

CWE-369 — Divide By Zero9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 24.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedOct 3

Latest updateMay 17

Description

The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.6

▶debiandebian/tiff< tiff 4.0.7-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-x5xg-3gfm-7r9v: The fpAcc function in tif_predict↗2022-05-17

▶

OSV

CVE-2016-3622: The fpAcc function in tif_predict↗2016-10-03

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2017-02-27

▶

Red Hat

libtiff: Division by zero in fpAcc function↗2016-04-07

▶

Debian

CVE-2016-3622: tiff - The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and e...↗2016

▶

💬Community

Bugzilla

CVE-2016-3622 libtiff: Division by zero in fpAcc function↗2016-04-07

▶

Bugzilla

CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 libtiff: various flaws [fedora-all]↗2016-04-07

▶

Bugzilla

CVE-2016-3619 CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 mingw-libtiff: various flaws [fedora-all]↗2016-04-07

▶