Published: 18/01/2017 Updated: 04/11/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

tiffsplit in libtiff 4.0.6 allows remote malicious users to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff 4.0.6

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...

Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, thumbnail and ras2tiff, but si ...

An out-of-bounds heap read was discovered in libtiff A crafted file could cause the application to crash or, potentially, disclose process memory ...

Debian Bug report logs - #820365 tiff: CVE-2016-3622: Division by zero in fpAcc function Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:15 UTC Severity: important Tags: security, upstream Foun ...

Debian Bug report logs - #800124 tiff: CVE-2015-7313: OOM when parsing crafted tiff files Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 27 Sep 2015 06:42:02 UTC Severity: important Tags: security, upstream Fou ...

Debian Bug report logs - #844013 tiff: CVE-2016-9273 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 11 Nov 2016 19:51:01 UTC Severity: grave Tags: fixed-upstream, patch, security, upstream Found in versions tif ...

Debian Bug report logs - #844226 tiff: CVE-2016-9297: potential read outside buffer in _TIFFPrintField() Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 13 Nov 2016 16:09:04 UTC Severity: normal Tags: fixed-upstr ...

Debian Bug report logs - #820362 tiff: CVE-2016-3619: Memory corruption in DumpModeEncode triggered by crafted bmp file Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:02 UTC Severity: important ...

Debian Bug report logs - #842361 CVE-2016-5652: heap based buffer overflow in tiff2pdf Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Fri, 28 Oct 2016 12:42:05 UTC Severity: important Tags: fixed-upstream, patch, security, upstr ...

Debian Bug report logs - #820363 tiff: CVE-2016-3620: Out-of-bound read in ZIPEncode Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:06 UTC Severity: important Tags: security, upstream Found in ...

Debian Bug report logs - #819972 tiff: CVE-2016-3186: buffer overflow in gif2tiff Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 4 Apr 2016 12:51:02 UTC Severity: important Tags: security, upstream, wontfix Fo ...

Debian Bug report logs - #842046 Multiple CVE: Remove tools dropped by upstream Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Tue, 25 Oct 2016 14:00:02 UTC Severity: important Tags: security Found in version 402-6 Fixed in v ...

Debian Bug report logs - #842270 CVE-2016-6223: information leak in libtiff/tif_readc Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Thu, 27 Oct 2016 14:30:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstr ...

Debian Bug report logs - #820364 tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:11 UTC Severity: important Tags: security, upstream ...

Debian Bug report logs - #820366 tiff: CVE-2016-3631: Illegal read in the cpStrips and cpTiles function Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:54:02 UTC Severity: important Tags: fixed-ups ...

A heap buffer overflow has been discovered resulting in a read outside of the array boundaries leading to an application crash ...

CWE-125 http://www.openwall.com/lists/oss-security/2016/11/11/6 http://www.openwall.com/lists/oss-security/2016/11/09/20 http://bugzilla.maptools.org/show_bug.cgi?id=2587 http://www.securityfocus.com/bid/94271 https://security.gentoo.org/glsa/201701-16 http://www.debian.org/security/2017/dsa-3762 https://nvd.nist.gov https://usn.ubuntu.com/3212-1/

Get Started

CVE-2016-9273

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect