Your submission was sent successfully! Close

CVE-2016-5323

Published: 20 January 2017

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
artful Not vulnerable
(4.0.7-1)
precise Ignored

trusty
Released (4.0.3-7ubuntu0.6)
upstream
Released (4.0.7)
wily Ignored
(reached end-of-life)
xenial
Released (4.0.6-1ubuntu0.1)
yakkety Not vulnerable
(4.0.6-2)
zesty Not vulnerable
(4.0.7-1)
Patches:
upstream: https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0
upstream: https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31