CVE-2016-3625

MEDIUM

LibTIFF <4.0.6 - DoS

Title source: llm

Description

tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

References (3)

[Issue Tracking] http://bugzilla.maptools.org/show_bug.cgi?id=2566

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/04/08/5

[Third Party Advisory] https://security.gentoo.org/glsa/201701-16

Scores

CVSS v3 6.5

EPSS 0.0064

EPSS Percentile 70.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-125

Status published

Affected Products (2)

libtiff/libtiff < 4.0.6

n/a/n/a

Timeline

Published Oct 03, 2016

Tracked Since Feb 18, 2026