libtiff - exploit.company

vendor:

libtiff

by:

x90c

7,5

CVSS

HIGH

Integer overflow

190

CWE

Product Name: libtiff

Affected Version From: 3.9.5

Affected Version To: 3.6.0

Patch Exists: YES

Related CWE: CVE-2013-5575

CPE: a:libtiff:libtiff

Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-0873/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-0874/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-0834/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-0839/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2013

libtiff <= 3.9.5 Integer overflow bug poc

A proof-of-concept code for an integer overflow vulnerability in libtiff versions 3.9.5 and below. The vulnerability is triggered when the TIFFGetField library function is called with a malicious samplesperpixel field value, resulting in a segmentation fault.

Mitigation:

Upgrade to a version of libtiff that is not vulnerable to this issue.

Source

libtiff <= 3.9.5 Integer overflow bug poc

Mitigation:

Exploit-DB raw data: