CVE-2015-7554

Published: 08 January 2016

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: tiff (Launchpad, Ubuntu, Debian)
Release status:
Upstream: Released (4.0.7-7)
Ubuntu 16.04 ESM (Xenial Xerus): Released (4.0.6-1ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr): Released (4.0.3-7ubuntu0.6)
Patches:
Vendor: https://git.centos.org/blob/rpms!libtiff.git/1ad9335dc0c1325262c62842eda01476243ec821/SOURCES!libtiff-CVE-2015-7554.patch
Upstream: https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06