Vulnerability Details : CVE-2016-5102
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
Vulnerability category: Overflow, Memory Corruption, Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-5102
Probability of exploitation activity in the next 30 days: 0.78%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 %
CVSS scores for CVE-2016-5102
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST |
CWE ids for CVE-2016-5102
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5102
- https://bugzilla.redhat.com/show_bug.cgi?id=1343407
  1343407 – (CVE-2016-5102) CVE-2016-5102 libtiff: Buffer overflow in readgifimage() (Issue Tracking; Third Party Advisory)
- http://bugzilla.maptools.org/show_bug.cgi?id=2552
  Bug 2552 – CVE-2016-5102: gif2tiff tool buffer overflow in readgifimage() (Issue Tracking; Third Party Advisory)
- https://usn.ubuntu.com/3606-1/
  USN-3606-1: LibTIFF vulnerabilities | Ubuntu security notices
- http://www.securityfocus.com/bid/96049
  LibTIFF CVE-2016-5102 Remote Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- https://security.gentoo.org/glsa/201701-16
  libTIFF: Multiple vulnerabilities (GLSA 201701-16) — Gentoo security (Third Party Advisory)
Products affected by CVE-2016-5102
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*