CVE-2016-3631
Published 2016-10-03
Priority: P4 · 33 · high · 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.59% (83.4th percentile)
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.0.6-3 (bookworm) | tiff 4.0.6-3 (bookworm) |
| libtiff | libtiff | <= 4.0.6 | — |
CVSS provenance
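| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |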
Red Hat
libtiff: thumbnail tool out-of-bounds read vulnerabilities
vendor_redhat·2016-04-07·CVSS 7.5
CVE-2016-3631 [HIGH] CWE-125 libtiff: thumbnail tool out-of-bounds read vulnerabilities
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: libtiff (Red Hat Enterprise Linux 5) - Will not fix
Package: libtiff (Red Hat Enterprise Linux 6) - Will not fix
Package: compat-libtiff3 (Red Hat Enterprise Linux 7) - Not affected
Package: libtiff (Red Hat Ente
Debian
CVE-2016-3631: tiff - The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0....
vendor_debian·2016·CVSS 7.5
CVE-2016-3631 [HIGH] CVE-2016-3631: tiff - The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0....
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)
GHSA
GHSA-g9p3-cr7p-7f92: The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4
ghsa_unreviewed·2022-05-14
CVE-2016-3631 [HIGH] CWE-125 GHSA-g9p3-cr7p-7f92: The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4
OSV
CVE-2016-3631: The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4
osv·2016-10-03·CVSS 7.5
CVE-2016-3631 [HIGH] CVE-2016-3631: The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4
No detection rules found.
No public exploits indexed.
Published: 2016-10-03