CVE-2016-5102

MEDIUM

Libtiff < 4.0.6 - Improper Input Validation

Title source: rule

Description

Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.

References (5)

[Issue Tracking, Third Party Advisory] http://bugzilla.maptools.org/show_bug.cgi?id=2552

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96049

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1343407

[Third Party Advisory] https://security.gentoo.org/glsa/201701-16

[Vendor Advisory] https://usn.ubuntu.com/3606-1/

Scores

CVSS v3 5.5

EPSS 0.0060

EPSS Percentile 69.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-20

Status published

Affected Products (2)

libtiff/libtiff < 4.0.6

n/a/n/a

Timeline

Published Feb 06, 2017

Tracked Since Feb 18, 2026