Vulnerability CVE-2015-8870: Information
Description
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
Severity: HIGH (7.4) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Published: Dec. 6, 2016
Modified: Jan. 5, 2018
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libtiff | sisyphus | 4.0.10.0.57.f9fc01c3-alt1 | 4.4.0-alt4 | ALT-PU-2019-1628-1 | 226958 | Fixed |
libtiff | p10 | 4.0.10.0.57.f9fc01c3-alt1 | 4.4.0-alt2 | ALT-PU-2019-1628-1 | 226958 | Fixed |
libtiff | p9 | 4.0.10.0.57.f9fc01c3-alt1 | 4.0.10.0.57.f9fc01c3-alt1 | ALT-PU-2019-1628-1 | 226958 | Fixed |
libtiff | c10f1 | 4.0.10.0.57.f9fc01c3-alt1 | 4.4.0-alt2 | ALT-PU-2019-1628-1 | 226958 | Fixed |
libtiff | c9f2 | 4.0.10.0.57.f9fc01c3-alt1 | 4.3.0-alt1 | ALT-PU-2019-1628-1 | 226958 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz | |
http://www.floyd.ch/?p=874BMP | |
94717 | |
RHSA-2017:0225 | |