---

CVE-2016-5323 - log back

CVE-2016-5323 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Remote
Type	+ Denial of service
Description	+ When using the tiffcrop command and a crafted TIFF image, the function _TIFFFax3fill() runs without checking the value of the divisor and causes a divide by zero flaw. Attackers can exploit this issue to cause a denial of service.
References	+ http://seclists.org/oss-sec/2016/q2/548 + http://bugzilla.maptools.org/show_bug.cgi?id=2559#c3
Notes	+ Reproducer http://bugzilla.maptools.org/attachment.cgi?id=659 + + FIXED: + 2016-07-11 Even Rouault <even.rouault at spatialys.com> + tools/tiffcrop.c: Avoid access outside of stack allocated array on a tiled separate TIFF with more than 8 samples per pixel. + Reported by Kaixiang Zhang of the Cloud Security Team, Qihoo 360 + (CVE-2016-5321 / CVE-2016-5323 , bugzilla #2558 / #2559)