PublicDateAtUSN: 2016-06-15
Candidate: CVE-2016-5322
PublicDate: 2017-04-11 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5322
 http://seclists.org/oss-sec/2016/q2/550
 https://ubuntu.com/security/notices/USN-3212-1
 https://ubuntu.com/security/notices/USN-3212-3
Description:
 The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows
 remote attackers to cause a denial of service (out-of-bounds read) via a
 crafted tiff image.
Ubuntu-Description:
Notes:
 mdeslaur> fixed by patch for CVE-2016-3991
Bugs:
 http://bugzilla.maptools.org/show_bug.cgi?id=2560
Priority: medium
Discovered-by: Kaixiang Zhang
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_tiff:
upstream_tiff: released (4.0.7)
precise_tiff: ignored (reached end-of-life)
precise/esm_tiff: released (3.9.5-2ubuntu1.10)
trusty_tiff: released (4.0.3-7ubuntu0.6)
trusty/esm_tiff: released (4.0.3-7ubuntu0.6)
vivid/stable-phone-overlay_tiff: ignored (reached end-of-life)
vivid/ubuntu-core_tiff: DNE
wily_tiff: ignored (reached end-of-life)
xenial_tiff: released (4.0.6-1ubuntu0.1)
esm-infra/xenial_tiff: released (4.0.6-1ubuntu0.1)
yakkety_tiff: released (4.0.6-2ubuntu0.1)
zesty_tiff: not-affected (4.0.7-1)
devel_tiff: not-affected (4.0.7-1)