Your submission was sent successfully! Close

CVE-2016-3619

Published: 3 October 2016

The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

Priority

Negligible

CVSS 3 base score: 6.5

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian 		artful Not vulnerable
(4.0.7-1)
precise Ignored

trusty Ignored

upstream
Released (4.0.6-3)
wily Ignored
(reached end-of-life)
xenial Ignored

yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(4.0.7-1)

Notes

AuthorNote
sbeattie 
out of bounds read
mdeslaur 
upstream removed the bmp2tiff utility in 4.0.7
we will not be fixing this minor issue, marking as ignored

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading