Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of LibTIFF.

Impacted products: Debian, LibTIFF, Ubuntu.

Severity: 2/4.

Creation date: 02/01/2017.

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in LibTIFF.

An attacker can generate a buffer overflow via tiffcrop, in order
to trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2016-10092]

An attacker can generate a buffer overflow via tiffcp, in order to
trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2016-10093]

An attacker can generate a buffer overflow via tiff2pdf, in order
to trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2016-10094]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/LibTIFF-three-vulnerabilities-21488