CVE-2016-10269

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10269
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10269.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10269
Downstream
Related
Published
2017-03-24T19:59:00Z
Modified
2025-10-14T15:21:13.927345Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1044b43637fa7f70fb19b93593777b78bd20da86

Affected versions

Other

Pre360
Release-
Release-3-7-0
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7
Release-v3-6-0
Release-v3-6-0beta2
Release-v3-6-1
Release-v3-7-0-alpha
Release-v3-7-0beta
Release-v3-7-0beta2
Release-v3-7-1
Release-v3-7-2
Release-v3-7-3
Release-v3-7-4
Release-v3-8-0
Release-v3-8-1
Release-v3-8-2
Release-v4-0-0
Release-v4-0-0alpha
Release-v4-0-0alpha4
Release-v4-0-0alpha5
Release-v4-0-0alpha6
Release-v4-0-0beta7
Release-v4-0-1
Release-v4-0-2
Release-v4-0-3
Release-v4-0-4
Release-v4-0-4beta
Release-v4-0-5
Release-v4-0-6
Release-v4-0-7

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 237.0,
                "function_hash": "156935026607999274605174739785433192017"
            },
            "target": {
                "file": "libtiff/tif_luv.c",
                "function": "LogLuvClose"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
            "signature_version": "v1",
            "id": "CVE-2016-10269-613a55b4",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "26839715329221870320889754407821069746",
                    "264837500327746807402086145918732980012",
                    "288658469619971624593554952031763377094",
                    "233692747760544501297264180676044616000",
                    "58877970245781362337096520297824206545",
                    "168237795276396746769701518814655732634",
                    "231456431022148738345425543397932332965",
                    "274942224386504519985678155876873494800",
                    "263385401691665672313341503187962856966",
                    "16730167252715994748866895871966545500",
                    "334769555662410305813176432925452621390",
                    "61136965913566749095217374316929984629",
                    "112330326926976831678878121397445352412",
                    "156368953257557227283830009689593886797",
                    "77419270978850260719718826777911165697",
                    "42619033949250172909640178542169157906",
                    "166440836208412782103753817856290299398"
                ]
            },
            "target": {
                "file": "libtiff/tif_luv.c"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
            "signature_version": "v1",
            "id": "CVE-2016-10269-698cdc1a",
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "113687249411579510802800124961192188118",
                    "11508600432903789210751911445596025634",
                    "22662973915352784340209776628135221412",
                    "184341363403314192038866735200039387928",
                    "129895138452027020123485807256834108207",
                    "256327435011055726137920106441042789212",
                    "53767934271067213049716745082062299865"
                ]
            },
            "target": {
                "file": "libtiff/tif_pixarlog.c"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
            "signature_version": "v1",
            "id": "CVE-2016-10269-83bd09a5",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1560.0,
                "function_hash": "58796327780794648659466221223127117800"
            },
            "target": {
                "file": "libtiff/tif_luv.c",
                "function": "LogLuvSetupEncode"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
            "signature_version": "v1",
            "id": "CVE-2016-10269-cb15ea2f",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 153.0,
                "function_hash": "74975776022488008058007400261370943112"
            },
            "target": {
                "file": "libtiff/tif_pixarlog.c",
                "function": "PixarLogClose"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
            "signature_version": "v1",
            "id": "CVE-2016-10269-ef35a972",
            "signature_type": "Function"
        }
    ]
}