CVE-2016-9534 Information

Description

tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn’t reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095 aka \TIFFFlushData1 heap-buffer-overflow.\

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/94484 http://www.securityfocus.com/bid/94743 https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4adiff-5be5ce02d0dea67050d5b2a10102d1ba

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8