ID CVE-2016-3624
Summary The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1.
References
Vulnerable Configurations
  • cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:3.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:3.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:alpha4:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:alpha5:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:alpha6:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.0:beta7:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.0:beta7:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.4:-:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.4:-:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.4:beta:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 04-11-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 85956
debian DSA-3762
gentoo GLSA-201701-16
misc http://bugzilla.maptools.org/show_bug.cgi?id=2568
mlist [oss-security] 20160408 CVE-2016-3624 libtiff: Out-of-bounds Write in the rgb2ycbcr tool
Last major update 04-11-2017 - 01:29
Published 03-10-2016 - 16:09
Last modified 04-11-2017 - 01:29
Back to Top