CVE-2016-3991

CWE-119Buffer OverflowCWE-787Out-of-bounds Write9 documents8 sources
Severity
7.8HIGH
EPSS
0.4%
top 36.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Libtiff LibtiffOracle VM Server
Timeline
PublishedSep 21
Latest updateMay 14

Description

Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlibtiff/libtiff4.0.6
Debiantiff< 4.0.7-1+3
NVDoracle/vm_server3.3, 3.4+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-58qw-mp64-h579: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 42022-05-14
CVEList
CVE-2016-3991: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 42016-09-21
OSV
CVE-2016-3991: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 42016-09-21

📋Vendor Advisories

4
Ubuntu
LibTIFF vulnerabilities2017-07-19
Ubuntu
LibTIFF vulnerabilities2017-02-27
Red Hat
libtiff: out-of-bounds write in loadImage() function2016-04-12
Debian
CVE-2016-3991: tiff - Heap-based buffer overflow in the loadImage function in the tiffcrop tool in Lib...2016

💬Community

1
Bugzilla
CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function2016-04-12
CVE-2016-3991 (HIGH CVSS 7.8) | Heap-based buffer overflow in the l | cvebase.io