Published: 03/10/2016 Updated: 03/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and previous versions, when the "-c lzw" option is used, allows remote malicious users to cause a denial of service (buffer over-read) via a crafted BMP image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff

The LZWEncode function in tif_lzwc in the bmp2tiff tool in LibTIFF 406 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image ...

Debian Bug report logs - #820362 tiff: CVE-2016-3619: Memory corruption in DumpModeEncode triggered by crafted bmp file Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:02 UTC Severity: important ...

Debian Bug report logs - #842361 CVE-2016-5652: heap based buffer overflow in tiff2pdf Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Fri, 28 Oct 2016 12:42:05 UTC Severity: important Tags: fixed-upstream, patch, security, upstr ...

Debian Bug report logs - #820363 tiff: CVE-2016-3620: Out-of-bound read in ZIPEncode Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:06 UTC Severity: important Tags: security, upstream Found in ...

Debian Bug report logs - #819972 tiff: CVE-2016-3186: buffer overflow in gif2tiff Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 4 Apr 2016 12:51:02 UTC Severity: important Tags: security, upstream, wontfix Fo ...

Debian Bug report logs - #842046 Multiple CVE: Remove tools dropped by upstream Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Tue, 25 Oct 2016 14:00:02 UTC Severity: important Tags: security Found in version 402-6 Fixed in v ...

Debian Bug report logs - #842270 CVE-2016-6223: information leak in libtiff/tif_readc Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Thu, 27 Oct 2016 14:30:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstr ...

Debian Bug report logs - #820364 tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:11 UTC Severity: important Tags: security, upstream ...

Debian Bug report logs - #820366 tiff: CVE-2016-3631: Illegal read in the cpStrips and cpTiles function Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:54:02 UTC Severity: important Tags: fixed-ups ...

CWE-125 http://bugzilla.maptools.org/show_bug.cgi?id=2565 http://www.openwall.com/lists/oss-security/2016/04/07/3 https://security.gentoo.org/glsa/201701-16 http://www.securitytracker.com/id/1035508 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-3621

Get Started

CVE-2016-3621

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect