CVE-2016-5102

Name: CVE-2016-5102
Description: Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-693-1
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

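| Source Package | Release | Version | Status |
|---|---|---|---|
| tiff (PTS) | wheezy | 4.0.2-6+deb7u5 | vulnerable |
| tiff (PTS) | wheezy (security) | 4.0.2-6+deb7u16 | fixed |
| tiff (PTS) | jessie (security), jessie | 4.0.3-12.3+deb8u4 | fixed |
| tiff (PTS) | stretch (security), stretch | 4.0.8-2+deb9u1 | fixed |
| tiff (PTS) | buster, sid | 4.0.8-5 | fixed |
| tiff3 (PTS) | wheezy | 3.9.6-11 | fixed |
| tiff3 (PTS) | wheezy (security) | 3.9.6-11+deb7u8 | fixed |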

The information below is based on the following data on fixed versions.

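| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| tiff | source | (unstable) | 4.0.6-3 | medium | | |
| tiff | source | jessie | 4.0.3-12.3+deb8u2 | medium | | |
| tiff | source | wheezy | 4.0.2-6+deb7u7 | medium | DLA-693-1 | |
| tiff3 | source | (unstable) | (unfixed) | unimportant | | |
| tiff3 | source | wheezy | (not affected) | | | |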

Notes

[wheezy] - tiff3 <not-affected> (Does not ship libtiff-tools)
http://bugzilla.maptools.org/show_bug.cgi?id=2552
confirmed this still crashes with latest CVS, version v4.0.6
also confirmed this crashes v4.0.2 in wheezy
Upstream will remove gif2tiff from 4.0.7 release
No patch available. Marked as wontfix by upstream
Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5102.gif
gif2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
