CVE-2016-6223
published 2017-01-23CVE-2016-6223: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or…
PriorityP340critical9.1CVSS 3.0
AVNACLPRNUINSUCHINAH
EPSS
3.27%
86.9th percentile
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.0.6-2 (bookworm) | tiff 4.0.6-2 (bookworm) |
| libtiff | libtiff | <= 4.0.6 | — |
CVSS provenance
nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
osv9.1CRITICAL
vendor_debian9.1CRITICAL
vendor_redhat9.1CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5rxj-349x-j69q: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read
ghsa_unreviewed·2022-05-17
CVE-2016-6223 [CRITICAL] GHSA-5rxj-349x-j69q: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
OSV
CVE-2016-6223: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read
osv·2017-01-23·CVSS 9.1
CVE-2016-6223 [CRITICAL] CVE-2016-6223: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2017-02-27
CVE-2015-7554 LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtiff: Out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
vendor_redhat·2016-07-10·CVSS 9.1
CVE-2016-6223 [CRITICAL] CWE-125 libtiff: Out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
libtiff: Out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
Package: libtiff (Red Hat Enterprise Linux 5) - Will not fix
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Package: compat-libtiff3 (Red Hat Enterprise Linux 7) - Not affected
Package: libtiff (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2016-6223: tiff - The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff be...
vendor_debian·2016·CVSS 9.1
CVE-2016-6223 [CRITICAL] CVE-2016-6223: tiff - The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff be...
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
Scope: local
bookworm: resolved (fixed in 4.0.6-2)
bullseye: resolved (fixed in 4.0.6-2)
forky: resolved (fixed in 4.0.6-2)
sid: resolved (fixed in 4.0.6-2)
trixie: resolved (fixed in 4.0.6-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-6223 mingw-libtiff: libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [epel-all]
bugzilla·2016-07-15·CVSS 9.1
CVE-2016-6223 [CRITICAL] CVE-2016-6223 mingw-libtiff: libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [epel-all]
CVE-2016-6223 mingw-libtiff: libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit me
Bugzilla
CVE-2016-6223 libtiff: Out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
bugzilla·2016-07-15·CVSS 9.1
CVE-2016-6223 [CRITICAL] CVE-2016-6223 libtiff: Out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
CVE-2016-6223 libtiff: Out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
An out-of-bounds read vulnerability on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond tmsize_t max value was found. The vulnerability allows an attacker to specify a negative index into the file-content buffer and copy data from that position until the end of the buffer. This will allow an attacker to crash the process by accessing unmapped memory and (depending on how LibTIFF is used) might also allow an attacker to leak sensitive information.
Fixed by commit with commitid: YhOZoKv5OA9gNNdz;
CVE assignment:
http://seclists.org/oss-sec/2016/q3/67
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug
Bugzilla
CVE-2016-6223 mingw-libtiff: libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [fedora-all]
bugzilla·2016-07-15·CVSS 9.1
CVE-2016-6223 [CRITICAL] CVE-2016-6223 mingw-libtiff: libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [fedora-all]
CVE-2016-6223 mingw-libtiff: libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit messa
Bugzilla
CVE-2016-6223 libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [fedora-all]
bugzilla·2016-07-15·CVSS 9.1
CVE-2016-6223 [CRITICAL] CVE-2016-6223 libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [fedora-all]
CVE-2016-6223 libtiff: Uut-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
http://libtiff.maptools.org/v4.0.7.htmlhttp://www.debian.org/security/2017/dsa-3762http://www.openwall.com/lists/oss-security/2016/07/13/3http://www.openwall.com/lists/oss-security/2016/07/14/4http://www.securityfocus.com/bid/91741https://security.gentoo.org/glsa/201701-16http://libtiff.maptools.org/v4.0.7.htmlhttp://www.debian.org/security/2017/dsa-3762http://www.openwall.com/lists/oss-security/2016/07/13/3http://www.openwall.com/lists/oss-security/2016/07/14/4http://www.securityfocus.com/bid/91741https://security.gentoo.org/glsa/201701-16
2017-01-23
Published