CVE-2016-10095
- Source
- https://cve.org/CVERecord?id=CVE-2016-10095
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10095.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-10095
- Downstream
- Related
- Published
- 2017-03-01T15:59:00.290Z
- Modified
- 2026-02-24T11:00:45.786928Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Stack-based buffer overflow in the TIFFVGetField function in tifdir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
- References
-
- http://www.securityfocus.com/bid/95178
- http://www.debian.org/security/2017/dsa-3903
- http://www.openwall.com/lists/oss-security/2017/01/01/11
- http://www.openwall.com/lists/oss-security/2017/01/01/7
- https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/
- http://bugzilla.maptools.org/show_bug.cgi?id=2625
- http://www.openwall.com/lists/oss-security/2017/01/01/11
- http://www.openwall.com/lists/oss-security/2017/01/01/7
- http://bugzilla.maptools.org/show_bug.cgi?id=2625
- https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/
Affected packages
Git / gitlab.com/libtiff/libtiff
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/libtiff/libtiff
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v3.*
v3.5.3
v3.5.4
v3.5.5
v3.5.7
v3.6.0
v3.6.0beta2
v3.6.1
v3.7.0
v3.7.0alpha
v3.7.0beta
v3.7.0beta2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v4.*
v4.0.0
v4.0.0alpha
v4.0.0alpha4
v4.0.0alpha5
v4.0.0alpha6
v4.0.0beta7
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.4beta
v4.0.5
v4.0.6
v4.0.7