Bug 1031247 - (CVE-2016-10272) VUL-0: CVE-2016-10272: tiff: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or p...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium : Major
Assigned To: Fridrich Strba
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/182283/
Whiteboard: CVSSv2:NVD:CVE-2016-10272:6.8:(AV:N/A...
Reported: 2017-03-28 07:12 UTC by Victor Pereira
Modified: 2017-11-23 10:00 UTC
Found By: Security Response Team


Description Victor Pereira 2017-03-28 07:12:20 UTC
CVE-2016-10272

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based
buffer overflow) or possibly have unspecified other impact via a crafted TIFF
image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10272
http://seclists.org/oss-sec/2017/q1/680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10272
Comment 2 Swamp Workflow Management 2017-04-18 13:13:10 UTC
SUSE-SU-2017:1044-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1031247,1031249,1031250,1031254,1031255,1031262,1031263
CVE References: CVE-2016-10266,CVE-2016-10267,CVE-2016-10268,CVE-2016-10269,CVE-2016-10270,CVE-2016-10271,CVE-2016-10272
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Server 12-SP2 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Server 12-SP1 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    tiff-4.0.7-43.1
Comment 3 Swamp Workflow Management 2017-04-26 16:12:01 UTC
openSUSE-SU-2017:1108-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1031247,1031249,1031250,1031254,1031255,1031262,1031263
CVE References: CVE-2016-10266,CVE-2016-10267,CVE-2016-10268,CVE-2016-10269,CVE-2016-10270,CVE-2016-10271,CVE-2016-10272
Sources used:
openSUSE Leap 42.2 (src):    tiff-4.0.7-17.3.1
openSUSE Leap 42.1 (src):    tiff-4.0.7-18.1