CVE-2016-5316

Summary

CVE	CVE-2016-5316
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-01-20 15:59:00 UTC
Updated	2018-10-30 16:27:00 UTC
Description	Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Libtiff	Libtiff	All	All	All	All
Operating System	Opensuse	Opensuse	13.1	All	All	All
Operating System	Opensuse	Opensuse	13.2	All	All	All
Operating System	Opensuse	Opensuse	13.1	All	All	All
Operating System	Opensuse	Opensuse	13.2	All	All	All
Operating System	Opensuse Project	Leap	42.1	All	All	All
Operating System	Opensuse Project	Leap	42.1	All	All	All

References

Reference	Source	Link	Tags
openSUSE-SU-2016:2375-1: moderate: tiff	SUSE	lists.opensuse.org	Third Party Advisory
Debian -- Security Information -- DSA-3762-1 tiff	DEBIAN	www.debian.org
libTIFF: Multiple vulnerabilities (GLSA 201701-16) — Gentoo Security	GENTOO	security.gentoo.org
oss-security - CVE-2016-5316: libtiff 4.0.6 tif_pixarlog.c: PixarLogCleanup() Segmentation fault	MLIST	www.openwall.com	Mailing List, Third Party Advisory
openSUSE-SU-2016:2321-1: moderate: Security update for tiff	SUSE	lists.opensuse.org	Third Party Advisory
LibTIFF 'PixarLogCleanup()' Function Out of Bounds Read Denial of Service Vulnerability	BID	www.securityfocus.com
openSUSE-SU-2016:1889-1: moderate: Security update for tiff	SUSE	lists.opensuse.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

710479 Gentoo Linux libTIFF Multiple Vulnerabilities (GLSA 201701-16)