Vulnerability Details : CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
Vulnerability category: OverflowInput validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-8870
Probability of exploitation activity in the next 30 days: 0.74%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-8870
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:P |
8.6
|
4.9
|
NIST |
|
7.4
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
2.2
|
5.2
|
NIST |
CWE ids for CVE-2015-8870
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8870
-
http://www.floyd.ch/?p=874BMP
About the CVEs in libtiff 4.0.3 | floyd'sThird Party Advisory
-
http://www.securityfocus.com/bid/94717
LibTIFF CVE-2015-8870 Integer Overflow Vulnerability
-
http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz
Patch
-
http://rhn.redhat.com/errata/RHSA-2017-0225.html
RHSA-2017:0225 - Security Advisory - Red Hat Customer Portal
Products affected by CVE-2015-8870
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*