FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tiff -- out-of-bounds read in tif_getimage.c

Affected packages
tiff <= 4.0.6

Details

VuXML ID bd349f7a-b3b9-11e5-8255-5453ed2e2b49
Discovery 2015-12-24
Entry 2016-01-05

LMX of Qihoo 360 Codesafe Team discovered an out-of-bounds read in tif_getimage.c. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash.

References

CVE Name CVE-2015-8665
Message http://www.openwall.com/lists/oss-security/2015/12/24/2