CVE-2016-5652: Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

Severity
7.0 HIGH (NVD)
EPSS
6.4%
top 8.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 6
Latest update: May 14

Description

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. The vulnerability can be triggered via a saved TIFF file delivered by other means.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (2 packages)

NVD: libtiff/libtiff 4.0.6
debian: debian/tiff < tiff 4.0.6-3 (bookworm)

🔴 Vulnerability Details

2
GHSA
GHSA-6mjw-r7c8-wvv4: An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool (2022-05-14)
OSV
CVE-2016-5652: An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool (2017-01-06)

📋 Vendor Advisories

3
Ubuntu
LibTIFF vulnerabilities (2017-02-27)
Red Hat
libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow (2016-10-25)
Debian
CVE-2016-5652: tiff - An exploitable heap-based buffer overflow exists in the handling of TIFF images ... (2016)

🕵️ Threat Intelligence

2
Talos
Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution (2016-10-25)
Talos
Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution (2016-10-25)

💬 Community

4
Bugzilla
CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 mingw-libtiff: various flaws [epel-7] (2016-10-27)
Bugzilla
CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 libtiff: various flaws [fedora-all] (2016-10-27)
Bugzilla
CVE-2016-5652 libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow (2016-10-27)
Bugzilla
CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 mingw-libtiff: various flaws [fedora-all] (2016-10-27)