CVE-2016-9540 — CRITICAL (9.8)

Vulnerability Description

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libtiff	Libtiff	4.0.6

Related Weaknesses (CWE)

CWE-119 CWE-787

References

http://rhn.redhat.com/errata/RHSA-2017-0225.html
http://www.debian.org/security/2017/dsa-3762
http://www.securityfocus.com/bid/94484Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/94747
https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3Issue TrackingPatchThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0225.html
http://www.debian.org/security/2017/dsa-3762
http://www.securityfocus.com/bid/94484Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/94747
https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2016-9540?

CVE-2016-9540 is a vulnerability with a CVSS score of 9.8 (CRITICAL). tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."

How severe is CVE-2016-9540?

CVE-2016-9540 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-9540?

Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff.