
CVE-2016-3619

Published: 3 October 2016

The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

Priority

Negligible

CVSS 3 base score: 6.5

Status

| Package | Release | Status |
|---|---|---|
| tiff (Launchpad, Ubuntu, Debian) | artful | Not vulnerable (4.0.7-1) |
| | precise | Ignored |
| | trusty | Ignored |
| | upstream | Released (4.0.6-3) |
| | wily | Ignored (reached end-of-life) |
| | xenial | Ignored |
| | yakkety | Ignored (reached end-of-life) |
| | zesty | Not vulnerable (4.0.7-1) |

Notes

| Author | Note |
|---|---|
| sbeattie | out of bounds read |
| mdeslaur | upstream removed the bmp2tiff utility in 4.0.7; we will not be fixing this minor issue, marking as ignored |
