CVE-2016-9540
libtiff: cpStripToTile heap-buffer-overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
tools/tiffcp.c en libtiff 4.0.6 tiene una escritura fuera de límites en imágenes tiled con un ancho de tile extraño frente al ancho de la imagen. Reportado como MSVR 35103, vulnerabilidad también conocida como "cpStripToTile heap-buffer-overflow".
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-21 CVE Reserved
- 2016-11-22 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/94484 | Third Party Advisory | |
| http://www.securityfocus.com/bid/94747 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3 | 2018-01-05 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0225.html | 2018-01-05 | |
| http://www.debian.org/security/2017/dsa-3762 | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2016-9540 | 2017-02-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1397768 | 2017-02-01 |