Published: 03/10/2016 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and previous versions allows remote malicious users to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff

The tagCompare function in tif_dirinfoc in the thumbnail tool in LibTIFF 406 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching ...

Debian Bug report logs - #820362 tiff: CVE-2016-3619: Memory corruption in DumpModeEncode triggered by crafted bmp file Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:02 UTC Severity: important ...

Debian Bug report logs - #842361 CVE-2016-5652: heap based buffer overflow in tiff2pdf Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Fri, 28 Oct 2016 12:42:05 UTC Severity: important Tags: fixed-upstream, patch, security, upstr ...

Debian Bug report logs - #820363 tiff: CVE-2016-3620: Out-of-bound read in ZIPEncode Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:06 UTC Severity: important Tags: security, upstream Found in ...

Debian Bug report logs - #819972 tiff: CVE-2016-3186: buffer overflow in gif2tiff Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 4 Apr 2016 12:51:02 UTC Severity: important Tags: security, upstream, wontfix Fo ...

Debian Bug report logs - #842046 Multiple CVE: Remove tools dropped by upstream Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Tue, 25 Oct 2016 14:00:02 UTC Severity: important Tags: security Found in version 402-6 Fixed in v ...

Debian Bug report logs - #842270 CVE-2016-6223: information leak in libtiff/tif_readc Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Thu, 27 Oct 2016 14:30:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstr ...

Debian Bug report logs - #820364 tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:11 UTC Severity: important Tags: security, upstream ...

Debian Bug report logs - #820366 tiff: CVE-2016-3631: Illegal read in the cpStrips and cpTiles function Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:54:02 UTC Severity: important Tags: fixed-ups ...

A vulnerability was found in the libtiff library Using the tagCompare function with the thumbnail command on a maliciously crafted tiff file could cause an out-of-bounds read leading to application crash ...

CWE-125 http://www.openwall.com/lists/oss-security/2016/04/08/13 http://bugzilla.maptools.org/show_bug.cgi?id=2547 http://www.securityfocus.com/bid/93335 https://security.gentoo.org/glsa/201701-16 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-3634 https://security.archlinux.org/CVE-2016-3634

Get Started

CVE-2016-3634

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect