FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tiff -- out-of-bounds read in tif_getimage.c

Affected packages
tiff < 4.0.6_1
linux-c6-tiff < 3.9.4_2
* <= linux-f10-tiff

Details

VuXML ID bd349f7a-b3b9-11e5-8255-5453ed2e2b49
Discovery 2015-12-24
Entry 2016-01-05
Modified 2016-09-06

LMX of Qihoo 360 Codesafe Team discovered an out-of-bounds read in tif_getimage.c. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash.

References

CVE Name CVE-2015-8665
Message http://www.openwall.com/lists/oss-security/2015/12/24/2