Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer when the image is processed with the rgb2ycbcr tool.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "178378420786103926455291150110068198516", "84121366928367138019703020159838257058", "164709929301042126348634534300749628678", "153263396693590100690056344218331042439", "334157731493365127796986244023593883122", "156137084952661944539080546477375494045", "105929032132142602227302746814003822399", "266598201065398598923221512910818010856", "284565610731628303591368030249368978181", "232821814255149826046460539671205857515", "321444266858567630737134791793835558050", "68994868772921299876170540457438264073" ] }, "target": { "file": "libtiff/tif_pixarlog.c" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2", "signature_version": "v1", "id": "CVE-2016-5314-3c4e2eb5", "signature_type": "Line" }, { "digest": { "length": 1206.0, "function_hash": "78440823412972120136486014142346030450" }, "target": { "file": "libtiff/tif_pixarlog.c", "function": "PixarLogSetupDecode" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2", "signature_version": "v1", "id": "CVE-2016-5314-7f58794c", "signature_type": "Function" }, { "digest": { "length": 3456.0, "function_hash": "222598671468357598502694822388656799965" }, "target": { "file": "libtiff/tif_pixarlog.c", "function": "PixarLogDecode" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2", "signature_version": "v1", "id": "CVE-2016-5314-ed14fc0d", "signature_type": "Function" } ] }