Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-1547

Опубликовано: 13 апр. 2016
Источник: debian
EPSS Низкий

Описание

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tifffixed4.0.3-12.1package
tiff3removedpackage

Примечания

  • http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif

  • fix in https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1547

  • is applied in 4.0.3-13 (but please recheck this)

  • Raphael Hertzog> I could not find a way to reliably use the above reproducer. No segfault. And valgrind on "xloadimage" spits lots of warnings about use of uninitialized values with a good file and with the reproducer.

  • Still this CVE has been added to DLA-221-1 because the patch used for CVE-2014-9655 seems to include the fix for this CVE.

EPSS

Процентиль: 89%
0.04425
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-1547

CVSS3: 6.5
ubuntu
больше 9 лет назад

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

redhat логотип

CVE-2015-1547

CVSS3: 4.4
redhat
больше 10 лет назад

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

nvd логотип

CVE-2015-1547

CVSS3: 6.5
nvd
больше 9 лет назад

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

github логотип

GHSA-63xc-994f-r5qr

CVSS3: 6.5
github
больше 3 лет назад

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

oracle-oval логотип

ELSA-2016-1547

oracle-oval
около 9 лет назад

ELSA-2016-1547: libtiff security update (IMPORTANT)

EPSS

Процентиль: 89%
0.04425
Низкий