CVE-2016-10269

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10269
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10269.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-10269
Downstream
Related
Published
2017-03-24T19:59:00.253Z
Modified
2025-11-14T04:30:39.199370Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/vadz/libtiff

Affected ranges

Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1044b43637fa7f70fb19b93593777b78bd20da86

Affected versions

Other

Pre360
Release-
Release-3-7-0
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7
Release-v3-6-0
Release-v3-6-0beta2
Release-v3-6-1
Release-v3-7-0-alpha
Release-v3-7-0beta
Release-v3-7-0beta2
Release-v3-7-1
Release-v3-7-2
Release-v3-7-3
Release-v3-7-4
Release-v3-8-0
Release-v3-8-1
Release-v3-8-2
Release-v4-0-0
Release-v4-0-0alpha
Release-v4-0-0alpha4
Release-v4-0-0alpha5
Release-v4-0-0alpha6
Release-v4-0-0beta7
Release-v4-0-1
Release-v4-0-2
Release-v4-0-3
Release-v4-0-4
Release-v4-0-4beta
Release-v4-0-5
Release-v4-0-6
Release-v4-0-7

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 237.0,
            "function_hash": "156935026607999274605174739785433192017"
        },
        "target": {
            "file": "libtiff/tif_luv.c",
            "function": "LogLuvClose"
        },
        "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
        "id": "CVE-2016-10269-613a55b4",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
                "26839715329221870320889754407821069746",
                "264837500327746807402086145918732980012",
                "288658469619971624593554952031763377094",
                "233692747760544501297264180676044616000",
                "58877970245781362337096520297824206545",
                "168237795276396746769701518814655732634",
                "231456431022148738345425543397932332965",
                "274942224386504519985678155876873494800",
                "263385401691665672313341503187962856966",
                "16730167252715994748866895871966545500",
                "334769555662410305813176432925452621390",
                "61136965913566749095217374316929984629",
                "112330326926976831678878121397445352412",
                "156368953257557227283830009689593886797",
                "77419270978850260719718826777911165697",
                "42619033949250172909640178542169157906",
                "166440836208412782103753817856290299398"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "libtiff/tif_luv.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
        "id": "CVE-2016-10269-698cdc1a",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "digest": {
            "line_hashes": [
                "113687249411579510802800124961192188118",
                "11508600432903789210751911445596025634",
                "22662973915352784340209776628135221412",
                "184341363403314192038866735200039387928",
                "129895138452027020123485807256834108207",
                "256327435011055726137920106441042789212",
                "53767934271067213049716745082062299865"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "libtiff/tif_pixarlog.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
        "id": "CVE-2016-10269-83bd09a5",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "digest": {
            "length": 1560.0,
            "function_hash": "58796327780794648659466221223127117800"
        },
        "target": {
            "file": "libtiff/tif_luv.c",
            "function": "LogLuvSetupEncode"
        },
        "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
        "id": "CVE-2016-10269-cb15ea2f",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 153.0,
            "function_hash": "74975776022488008058007400261370943112"
        },
        "target": {
            "file": "libtiff/tif_pixarlog.c",
            "function": "PixarLogClose"
        },
        "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
        "id": "CVE-2016-10269-ef35a972",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    }
]