CVE-2016-10268

Published: Mar 24, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.

Affected (1)

Products: Libtiff: Libtiff

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Version 4.0.7

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (10)

http://www.securityfocus.com/bid/97202

Source: cve@mitre.org

https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/201709-27

Source: cve@mitre.org

https://usn.ubuntu.com/3602-1/

Source: cve@mitre.org

http://www.securityfocus.com/bid/97202

Source: af854a3a-2127-422b-91ae-364da2661108

https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/201709-27

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3602-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.