CVE-2016-10272

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.

References

Affected packages

Git / github.com/vadz/libtiff

Affected ranges

Type: GIT
Repo: https://github.com/vadz/libtiff
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a

Type: GIT
Repo: https://gitlab.com/libtiff/libtiff
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Affected versions

Other

Pre360

Release-

Release-3-7-0

Release-v3-5-

Release-v3-5-4

Release-v3-5-5

Release-v3-5-7

Release-v3-6-0

Release-v3-6-0beta2

Release-v3-6-1

Release-v3-7-0-alpha

Release-v3-7-0beta

Release-v3-7-0beta2

Release-v3-7-1

Release-v3-7-2

Release-v3-7-3

Release-v3-7-4

Release-v3-8-0

Release-v3-8-1

Release-v3-8-2

Release-v4-0-0

Release-v4-0-0alpha

Release-v4-0-0alpha4

Release-v4-0-0alpha5

Release-v4-0-0alpha6

Release-v4-0-0beta7

Release-v4-0-1

Release-v4-0-2

Release-v4-0-3

Release-v4-0-4

Release-v4-0-4beta

Release-v4-0-5

Release-v4-0-6

Release-v4-0-7

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a",
        "signature_version": "v1",
        "target": {
            "file": "tools/tiffcrop.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "111633499006794891595029772493952131724",
                "206460266800680103780621300178950394508",
                "32075657973777556999564344135156226664",
                "282925417194561605293494953519671084994"
            ]
        },
        "id": "CVE-2016-10272-f27c6683"
    }
]