CVE-2016-10095 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Arbitrary code execution |
| Description | A stack-based buffer overflow vulnerability was found in libtiff, in the _TIFFVGetField function in tif_dir.c, when running tiffslpit on crafted tiff file. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-87 | lib32-libtiff | 4.0.7-1 | 4.0.8-1 | Critical | Fixed | FS#54842 |
| AVG-5 | libtiff | 4.0.8-1 | 4.0.8-2 | Critical | Fixed | FS#54842 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 18 Jul 2017 | ASA-201707-18 | AVG-87 | lib32-libtiff | Critical | arbitrary code execution |
| 18 Jul 2017 | ASA-201707-17 | AVG-5 | libtiff | Critical | arbitrary code execution |
| References |
|---|
http://seclists.org/oss-sec/2017/q1/10 https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/ |
| Notes |
|---|
Reproducer: https://github.com/asarubbo/poc/blob/master/00104-libtiff-stackoverflow-_TIFFVGetField |