Buffer overflow in LibTIFF

#VU11491 Buffer overflow in LibTIFF

Published: 2018-04-03

Vulnerability identifier: #VU11491

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-3186

CWE-ID: CWE-120

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
LibTIFF
Universal components / Libraries / Libraries used by multiple products

Vendor: LibTIFF

Description
The vulnerability allows a remote attacker can cause DoS condition on the target system.

The weakness exists in the gif2tiff.c due to buffer overflow. A remote attacker can submit a specially crafted GIF file and cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

LibTIFF: 4.0.6

External links
http://bugzilla.redhat.com/show_bug.cgi?id=1319503

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)

Amazon Linux AMI update for libtiff

Red Hat update for libtiff

Multiple vulnerabilities in LibTIFF

Buffer overflow in tiff (Alpine package)