CVE-2016-9538

Опубликовано: 08 окт. 2016

Источник: redhat

CVSS3: 3.3

CVSS2: 4.3

EPSS Низкий

Описание

tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.

Отчет

This is an Out-of-bounds read flaw in the libtiff library. A specially-crafted image can cause an application linked with the libtiff library to crash.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	libtiff	Will not fix
Red Hat Enterprise Linux 6	libtiff	Will not fix
Red Hat Enterprise Linux 7	compat-libtiff3	Will not fix
Red Hat Enterprise Linux 7	libtiff	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1397765libtiff: Integer overflow leads to reading undefined buffer in readContigStripsIntoBuffer()

EPSS

Процентиль: 61%

0.00416

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2016-9538

CVSS3: 9.8

ubuntu

около 9 лет назад

tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.

CVE-2016-9538

CVSS3: 9.8

nvd

около 9 лет назад

tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.

CVE-2016-9538

CVSS3: 9.8

debian

около 9 лет назад

tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readCon ...

GHSA-6c84-54g6-hcp3

CVSS3: 9.8

github

больше 3 лет назад

tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.

EPSS

Процентиль: 61%

0.00416

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2