CVE-2016-5652 - OpenCVE

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Libtiff	Libtiff

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2017-0225.html
http://www.debian.org/security/2017/dsa-3762
http://www.securityfocus.com/bid/93902
http://www.talosintelligence.com/reports/TALOS-2016-0187/	Exploit Technical Description Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201701-16

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2017-01-06T21:00:00

Updated: 2018-01-04T19:57:01

Reserved: 2016-06-16T00:00:00

Link: CVE-2016-5652

JSON object: View

NVD Information

Status : Modified

Published: 2017-01-06T21:59:01.680

Modified: 2018-01-05T02:31:03.447

Link: CVE-2016-5652

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "LibTiff", "vendor": "LibTiff", "versions": [{"status": "affected", "version": "4.0.6"}]}], "datePublic": "2016-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means."}], "problemTypes": [{"descriptions": [{"description": "heap buffer overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "GLSA-201701-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-16"}, {"name": "RHSA-2017:0225", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"name": "DSA-3762", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3762"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0187/"}, {"name": "93902", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93902"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-5652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibTiff", "version": {"version_data": [{"version_value": "4.0.6"}]}}]}, "vendor_name": "LibTiff"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "heap buffer overflow"}]}]}, "references": {"reference_data": [{"name": "GLSA-201701-16", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-16"}, {"name": "RHSA-2017:0225", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"name": "DSA-3762", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3762"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2016-0187/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0187/"}, {"name": "93902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93902"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-5652", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-06-16T00:00:00", "dateUpdated": "2018-01-04T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "33708995-494C-476D-B0E3-1E78B9328699", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means."}, {"lang": "es", "value": "Existe un desbordamiento de b\u00fafer basado en memoria din\u00e1mica explotable en el manejo de im\u00e1genes TIFF en la herramienta LibTIFF's TIFF2PDF. Un documento TIFF manipulado puede conducir a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica resultando en ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad puede ser desencadenada a trav\u00e9s de un archivo TIFF guardado entregado por otros medios."}], "id": "CVE-2016-5652", "lastModified": "2018-01-05T02:31:03.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-06T21:59:01.680", "references": [{"source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"source": "cret@cert.org", "url": "http://www.debian.org/security/2017/dsa-3762"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/93902"}, {"source": "cret@cert.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory", "VDB Entry"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0187/"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-16"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}