Your submission was sent successfully! Close

CVE-2016-3621

Published: 03 October 2016

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

Priority

Negligible

CVSS 3 base score: 8.8

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
Upstream
Released (4.0.6-3)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored

Ubuntu 14.04 ESM (Trusty Tahr) Ignored