CVE-2016-3990

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
An out-of-bounds write flaw was found in libtiff v4.0.6 when using tiffcp command to handle malicious tiff file. The vulnerability exists in the function horizontalDifference8(). An attacker could control the head data of next heap which contains pre_size field and size filed to result in denial of service or arbitrary code execution.
Group Package Affected Fixed Severity Status Ticket
AVG-86 lib32-libtiff 4.0.6-2 4.0.7-1 Critical Fixed
AVG-85 libtiff 4.0.6-2 4.0.7-1 Critical Fixed
Date Advisory Group Package Severity Description
25 Nov 2016 ASA-201611-27 AVG-86 lib32-libtiff Critical multiple issues
25 Nov 2016 ASA-201611-26 AVG-85 libtiff Critical multiple issues
References
http://seclists.org/oss-sec/2016/q2/57
http://bugzilla.maptools.org/show_bug.cgi?id=2544