CVE-2016-9532

medium

Description

Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2592

http://www.debian.org/security/2017/dsa-3762

http://www.openwall.com/lists/oss-security/2016/11/11/14

http://www.openwall.com/lists/oss-security/2016/11/21/1

http://www.openwall.com/lists/oss-security/2016/11/22/1

http://www.securityfocus.com/bid/94424

https://bugzilla.redhat.com/show_bug.cgi?id=1397726

https://security.gentoo.org/glsa/201701-16

Details

Source: MITRE

Published: 2017-02-06

Updated: 2017-02-08

Type: CWE-125

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* versions up to 4.0.6 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

7 plugins total

ID      | Name                                                                     | Product | Family                        | Severity
--------|--------------------------------------------------------------------------|---------|-------------------------------|---------
131619  | EulerOS 2.0 SP2 : libtiff (EulerOS-SA-2019-2466)                        | Nessus  | Huawei Local Security Checks  | critical
124940  | EulerOS Virtualization 3.0.1.0 : libtiff (EulerOS-SA-2019-1437)         | Nessus  | Huawei Local Security Checks  | high
110741  | EulerOS 2.0 SP3 : libtiff (EulerOS-SA-2018-1165)                        | Nessus  | Huawei Local Security Checks  | critical
97434   | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : tiff vulnerabilities (USN-3212-1) | Nessus  | Ubuntu Local Security Checks  | critical
96495   | Debian DSA-3762-1 : tiff - security update                               | Nessus  | Debian Local Security Checks  | critical
96373   | GLSA-201701-16 : libTIFF: Multiple vulnerabilities                       | Nessus  | Gentoo Local Security Checks  | critical
95261   | Debian DLA-716-1 : tiff security update                                  | Nessus  | Debian Local Security Checks  | high