CVE-2016-5315 — Out-of-bounds Read in Tiff

CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 38.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff Debian Linux

Timeline

PublishedMar 7

Latest updateMay 17

Description

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.6

▶debiandebian/tiff< tiff 4.0.6-2 (bookworm)

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-7vx7-8m24-fqv4: The setByteArray function in tif_dir↗2022-05-17

▶

OSV

CVE-2016-5315: The setByteArray function in tif_dir↗2017-03-07

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2017-02-27

▶

Red Hat

libtiff: Out-of-bounds read in setByteArray() function in tif_dir.c↗2016-06-15

▶

Debian

CVE-2016-5315: tiff - The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remot...↗2016

▶

💬Community

Bugzilla

CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 libtiff: various flaws [fedora-all]↗2016-06-15

▶

Bugzilla

CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 mingw-libtiff: various flaws [fedora-all]↗2016-06-15

▶

Bugzilla

CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 mingw-libtiff: various flaws [epel-7]↗2016-06-15

▶

Bugzilla

CVE-2016-5315 libtiff: Out-of-bounds read in setByteArray() function in tif_dir.c↗2016-06-15

▶