Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2016-10095 - log back

CVE-2016-10095 created at 25 Sep 2019 19:31:40

Severity

+

High

Remote

+

Local

Type

+	Arbitrary code execution

Description

+	A stack-based buffer overflow vulnerability was found in libtiff, in the _TIFFVGetField function in tif_dir.c, when running tiffslpit on crafted tiff file.

References

+	http://seclists.org/oss-sec/2017/q1/10
+	https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/

Notes

+	Reproducer:
+	https://github.com/asarubbo/poc/blob/master/00104-libtiff-stackoverflow-_TIFFVGetField