Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU32277
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-8781
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
MitigationInstall update from vendor's website.
Vulnerable software versionsLibTIFF: 1:6.0p1-4+deb7u4
CPE2.3 External linkshttps://bugzilla.maptools.org/show_bug.cgi?id=2522#c0
https://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html
https://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html
https://rhn.redhat.com/errata/RHSA-2016-1546.html
https://rhn.redhat.com/errata/RHSA-2016-1547.html
https://www.debian.org/security/2016/dsa-3467
https://www.openwall.com/lists/oss-security/2016/01/24/3
https://www.openwall.com/lists/oss-security/2016/01/24/7
https://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://www.securityfocus.com/bid/81730
https://www.ubuntu.com/usn/USN-2939-1
https://security.gentoo.org/glsa/201701-16
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.