Main Vulnerability Database Vulnerabilities #VU32177

Buffer overflow in LibTIFF - CVE-2016-5317

Published: January 20, 2017 / Updated: July 28, 2020

Vulnerability identifier: #VU32177

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-5317

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: LibTIFF

Affected software:
LibTIFF

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

How to mitigate CVE-2016-5317

Install update from vendor's website.

Sources

http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html
http://www.debian.org/security/2017/dsa-3762
http://www.openwall.com/lists/oss-security/2016/06/15/10
http://www.openwall.com/lists/oss-security/2016/06/15/5
http://www.securityfocus.com/bid/91208
https://security.gentoo.org/glsa/201701-16

Buffer overflow in LibTIFF - CVE-2016-5317

Detailed vulnerability description

How to mitigate CVE-2016-5317

Sources

Please verify you're human