CVE-2016-3990 - log back

CVE-2016-3990 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out-of-bounds write flaw was found in libtiff v4.0.6 when using tiffcp command to handle malicious tiff file. The vulnerability exists in the function horizontalDifference8(). An attacker could control the head data of next heap which contains pre_size field and size filed to result in denial of service or arbitrary code execution.
References
+ http://seclists.org/oss-sec/2016/q2/57
+ http://bugzilla.maptools.org/show_bug.cgi?id=2544
Notes