Published: 06/12/2016 Updated: 05/01/2018

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Integer overflow in tools/bmp2tiff.c in LibTIFF prior to 4.0.4 allows remote malicious users to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff

Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Topic An update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scori ...

Multiple flaws have been discovered in libtiff A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535) Multiple flaws have been discovered in variou ...

Integer overflow in tools/bmp2tiffc in LibTIFF before 404 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file ...

CWE-20 CWE-190 http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz http://www.floyd.ch/?p=874BMP http://www.securityfocus.com/bid/94717 http://rhn.redhat.com/errata/RHSA-2017-0225.html https://access.redhat.com/errata/RHSA-2017:0225 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2017-802.html

CVE-2015-8870

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect