CVE-2016-3186
Published: 19 April 2016
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
Notes
| Author | Note |
|---|---|
| mdeslaur | upstream removed the gif2tiff utility in 4.0.7 patch in redhat bug https://bugzilla.redhat.com/show_bug.cgi?id=1319666#c6 we will not be fixing this issue in precise/esm |
Priority
CVSS 3 base score: 6.2
Status
| Package | Release | Status |
|---|---|---|
|
tiff Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(4.0.7-1)
|
| precise |
Ignored
|
|
| trusty |
Released
(4.0.3-7ubuntu0.9)
|
|
| upstream |
Released
(4.0.6-3)
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(4.0.6-1ubuntu0.4)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Not vulnerable
(4.0.7-1)
|