QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5314

Published: Mar 12, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

x_refsource_CONFIRM

openSUSE-SU-2016:3035

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

openSUSE-SU-2016:2321

vendor-advisory

x_refsource_SUSE

[oss-security] 20160615 CVE-2016-5314: libtiff 4.0.6 PixarLogDecode() out-of-bound writes

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1346687

x_refsource_CONFIRM

https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

openSUSE-SU-2016:1889

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2016:2375

vendor-advisory

x_refsource_SUSE

[oss-security] 20160615 CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution

mailing-list

x_refsource_MLIST

[oss-security] 20160630 Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format

mailing-list

x_refsource_MLIST

http://bugzilla.maptools.org/show_bug.cgi?id=2554

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.