Your submission was sent successfully! Close

CVE-2016-5652

Published: 06 January 2017

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.

Priority

Low

CVSS 3 base score: 7.0

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
Upstream
Released (4.0.7)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.0.6-1ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.0.3-7ubuntu0.6)
Patches:
Upstream: https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63