CVE-2016-5652

2017-01-0621:59:01

Google

osv.dev

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.

CPENameOperatorVersion
libtiffeqRelease-v3-7-0beta2
tiffeq4.0.6-r2
libtiffeq3.7.0
libtiffeq4.0.0alpha4
libtiffeq4.0.0
libtiffeqRelease-v3-6-0beta2
tiffeq4.0.1-r0
libtiffeqRelease-v3-5-
libtiffeqRelease-v3-7-1
tiffeq3.9.5-r1

Name	Operator	Version
libtiff	eq	Release-v3-7-0beta2
tiff	eq	4.0.6-r2
libtiff	eq	3.7.0
libtiff	eq	4.0.0alpha4
libtiff	eq	4.0.0
libtiff	eq	Release-v3-6-0beta2
tiff	eq	4.0.1-r0
libtiff	eq	Release-v3-5-
libtiff	eq	Release-v3-7-1
tiff	eq	3.9.5-r1