CVE-2015-8668

CRITICAL

libtiff < 4.0.6 - Remote Code Execution via BMP Width Field

Title source: llm

Description

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.

References (7)

Core 7

Core References

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-1547.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201701-16

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-1546.html

Broken Link, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/537208/100/0/threaded

Scores

CVSS v3 9.8

EPSS 0.0671

EPSS Percentile 91.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (11)

libtiff/libtiff < 4.0.6

oracle/linux 6

oracle/linux 7

oracle/vm_server 3.3

oracle/vm_server 3.4

redhat/enterprise_linux 6.0

redhat/enterprise_linux 7.0

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_workstation 6.0

... and 1 more

Published Jan 08, 2016

Tracked Since Feb 18, 2026