CVE-2016-5318

Published: 20 January 2017

Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted TIFF file.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: tiff (Launchpad, Ubuntu, Debian)
Upstream: Released (4.0.6-3)
Ubuntu 16.04 ESM (Xenial Xerus): Released (4.0.6-1ubuntu0.4)
Ubuntu 14.04 ESM (Trusty Tahr): Released (4.0.3-7ubuntu0.9)
Patches:
Upstream: https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06