Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-5318

Published: 20 January 2017

Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.

Notes

AuthorNote
mdeslaur
same problem as CVE-2015-7554
we will not be fixing this issue in precise/esm

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
artful Not vulnerable
(4.0.8-5)
precise Ignored

trusty
Released (4.0.3-7ubuntu0.9)
upstream
Released (4.0.6-3)
wily Ignored
(reached end-of-life)
xenial
Released (4.0.6-1ubuntu0.4)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06