CVE-2016-3624

Published Date 2025-12-03
Product centos
Severity High (7.5)
Component libtiff
Affected Versions CentOS 7
Patched Versions libtiff-4.0.3-35_ol005.el7

CVE Details

OL CVE Issue Summary:

cvtClump() in rgb2ycbcr in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the -v option to -1.

_TIFFFax3fillruns() in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

DumpModeDecode() could be exploited to cause denial-of-service via a crafted Tiff image.

A heap-based buffer overflow in the t2p_write_pdf() in tools/tiff2pdf.c. This heap overflow could lead to various damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup(), an invalid free in TIFFClose() or t2p_free(), memory corruption in t2p_readwrite_pdf_image(), or a double free in t2p_free(). Given these possibilities, it probably could result in arbitrary code execution.

This affects TIFFReadRGBATileExt() in libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public. The identifier VDB-213549 was assigned to this vulnerability.