CVE-2016-9448 in LibTIFFinfo

Summary

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

11/18/2016

Disclosure

01/27/2017

Moderation

VulDB entry created

Entries

1: VDB-96091

CPE

ready

CWE

CWE-476 (Confirmed)

CVSS

6.4

EPSS

0.02076

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-9448
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9448
CVE Details	https://www.cvedetails.com/cve/CVE-2016-9448/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!