cbcvebase.
CVE-2016-5652
published 2017-01-06

CVE-2016-5652: An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based…

PriorityP432high7CVSS 3.0
AVLACHPRNUIRSUCHIHAH
EPSS
4.30%
89.9th percentile
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.

Affected

2 ranges
VendorProductVersion rangeFixed in
debiantiff< tiff 4.0.6-3 (bookworm)tiff 4.0.6-3 (bookworm)
libtifflibtiff

CVSS provenance

nvdv3.07.0HIGHCVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.0HIGH
vendor_debian7.0HIGH
vendor_redhat7.0HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.