CVE-2016-6223 — Vulnetix

CVE-2016-6223 PUBLISHED

The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.

EPSS 1.24% · 79.6th percentile

Risk Scores

EPSS Score

1.24%

79.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	tiff	4.0.3-7ubuntu0.3, 4.0.3-7ubuntu0.4, 4.0.3-5ubuntu1
Ubuntu:16.04:LTS	tiff	4.0.5-1, 4.0.6-1, 4.0.3-12.3ubuntu2

Exploit Intelligence

GLSA-201701-16 (circl)
http://libtiff.maptools.org/v4.0.7.html (circl)
[oss-security] 20160714 Re: CVE request: Information leak in LibTIFF (circl)
DSA-3762 (circl)
[oss-security] 20160713 CVE request: Information leak in LibTIFF (circl)
91741 (circl)

Timeline

Jan 23, 2017 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
Jul 16, 2023 EPSS Score
Sep 7, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-6223 third-party-advisory
http://www.openwall.com/lists/oss-security/2016/07/13/3 third-party-advisory
https://ubuntu.com/security/notices/USN-3212-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-6223 third-party-advisory

Open in Interactive Console →