CVE-2016-10092 : Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif

Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.

Published 2017-03-01 15:59:00

Updated 2021-03-05 17:15:13

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2016-10092

Libtiff » Libtiff » Version: 4.0.7
cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-10092

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-10092

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-10092

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-10092

http://bugzilla.maptools.org/show_bug.cgi?id=2622

Bug 2622 – libtiff: heap-based buffer overflow in _TIFFmemcpy (tif_unix.c)
Exploit;Issue Tracking
https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/

libtiff: multiple heap-based buffer overflow | agostino's blog
Patch;Third Party Advisory

CVEs referencing this url
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10092

Pocs_for_Multi_Versions/CVE-2016-10092 at main · Hack-Me/Pocs_for_Multi_Versions · GitHub
https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a

* tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore) m… · vadz/libtiff@9657bbe · GitHub
Patch

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2017/01/01/10

oss-security - Re: libtiff: multiple heap-based buffer overflow
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2017/01/01/12

oss-security - Re: Re: libtiff: multiple heap-based buffer overflow
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/95218

LibTIFF CVE-2016-10092 Heap Buffer Overflow Vulnerability
http://bugzilla.maptools.org/show_bug.cgi?id=2620

Bug 2620 – tiffcrop: heap-based buffer overflow in _TIFFFax3fillruns (tif_fax3.c)
Exploit;Issue Tracking
http://www.debian.org/security/2017/dsa-3762

Debian -- Security Information -- DSA-3762-1 tiff

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-10092

Products affected by CVE-2016-10092

Exploit prediction scoring system (EPSS) score for CVE-2016-10092

CVSS scores for CVE-2016-10092

CWE ids for CVE-2016-10092

References for CVE-2016-10092