9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.049 Low
EPSS
Percentile
92.7%
Severity: Critical
Date : 2017-07-18
CVE-ID : CVE-2015-7554 CVE-2016-10095
Package : libtiff
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-5
The package libtiff before version 4.0.8-2 is vulnerable to arbitrary
code execution.
Upgrade to 4.0.8-2.
The problems have been fixed upstream but no release is available yet.
None.
An Invalid memory write flaw was found in libtiff in the way it parsed
certain extension tags when reading TIFF format files. An attacker
could use this flaw to crash or even execute arbitrary code with the
permission of the user running such an application compiled against
libtiff.
A stack-based buffer overflow vulnerability was found in libtiff, in
the _TIFFVGetField function in tif_dir.c, when running tiffslpit on
crafted tiff file.
A remote attacker can execute arbitrary code on the affected host via a
crafted TIFF file.
https://bugs.archlinux.org/task/54842
http://seclists.org/oss-sec/2015/q4/590
http://bugzilla.maptools.org/show_bug.cgi?id=2564
http://seclists.org/oss-sec/2017/q1/10
https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/
https://security.archlinux.org/CVE-2015-7554
https://security.archlinux.org/CVE-2016-10095
bugzilla.maptools.org/show_bug.cgi?id=2564
seclists.org/oss-sec/2015/q4/590
seclists.org/oss-sec/2017/q1/10
blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/
bugs.archlinux.org/task/54842
security.archlinux.org/AVG-5
security.archlinux.org/CVE-2015-7554
security.archlinux.org/CVE-2016-10095
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.049 Low
EPSS
Percentile
92.7%