Multiple vulnerabilities in LibTIFF
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2016-10268 CVE-2016-9453 CVE-2016-9536 CVE-2016-10094 CVE-2016-10093 CVE-2016-10092 CVE-2017-17942 |
| CWE-ID | CWE-119 CWE-787 CWE-193 CWE-190 CWE-122 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
LibTIFF Universal components / Libraries / Libraries used by multiple products |
| Vendor | LibTIFF |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU12653
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10268
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to integer underflow and heap-based buffer under-read. A remote attacker can trick the victim into opening a specially crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23, trigger memory corruption and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.7
CPE2.3 External linkshttps://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU12655
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-9453
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the t2p_readwrite_pdf_image_tile function due to out-of-bounds write. A remote attacker can trick the victim into opening a specially crafted JPEG file with a TIFFTAG_JPEGTABLES of length one and cause the service to rash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: All versions
CPE2.3 External linkshttps://bugzilla.maptools.org/show_bug.cgi?id=2579
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU12656
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-9536
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in heap allocated buffers in t2p_process_jpeg_strip() in tools/tiff2pdf.c due to out-of-bounds write, aka "t2p_process_jpeg_strip heap-buffer-overflow." A remote attacker can execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.6
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Off-by-one error
EUVDB-ID: #VU13550
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10094
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c when processing malicious input. A remote attacker can send a specially crafted image and cause the service to crash.
MitigationInstall update from vendor's website.
LibTIFF: 4.0.7
CPE2.3 External linkshttps://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU13549
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10093
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to integer overflow in tools/tiffcp.c when processing malicious input. A remote attacker can send a specially crafted image, trigger heap-based buffer overflow and cause the service to crash.
MitigationInstall update from vendor's website.
LibTIFF: 4.0.7
CPE2.3 External linkshttps://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU13548
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10092
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c when processing malicious input. A remote attacker can send a specially crafted image, trigger memory corruption and cause the service to crash.
MitigationInstall update from vendor's website.
LibTIFF: 4.0.7
CPE2.3 External linkshttps://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer over-read
EUVDB-ID: #VU10310
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17942
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. A remote attacker can perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLibTIFF: 4.0.9
CPE2.3 External linkshttps://www.securityfocus.com/bid/102312
https://bugzilla.maptools.org/show_bug.cgi?id=2767
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
