CVE-2016-10095
Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
Published
2017-03-01T15:59:00.290
Last Modified
2025-04-20T01:37:25.860
Status
Deferred
Source
[email protected]
Severity
CVSSv3.0: 5.5 (MEDIUM)
CVSSv2 Vector
AV:N/AC:M/Au:N/C:N/I:N/A:P
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL
Exploitability Score
8.6
Impact Score
2.9
Weaknesses
Affected Vendors & Products
| Type |
Vendor |
Product |
Version/Range |
Vulnerable? |
| Application |
libtiff
|
libtiff
|
4.0.7 |
Yes
|
References