Buffer Overflow in LibTIFF Affects Image Processing Functionality
CVE-2016-5314

8.8HIGH

Key Information:

Vendor

Libtiff

Status
Libtiff
Vendor
CVE Published:
12 March 2018

What is CVE-2016-5314?

A buffer overflow vulnerability exists within the PixarLogDecode function of LibTIFF, specifically in tif_pixarlog.c. This flaw enables remote attackers to send specially crafted TIFF images that may cause an application crash or possibly manipulate memory by overwriting critical function pointers, leading to further exploitation. The issue is evident in LibTIFF version 4.0.6 and earlier, making it crucial for users to update to secure versions to avoid potential denial-of-service situations and associated impacts.

References

https://www.debian.org/security/2017/dsa-3762
vendor-advisoryx_refsource_DEBIAN
http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.