An exploitable heap based buffer overflow exists in the handling of compressed TIFF images in LibTIFF’s PixarLogDecode api. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
External References:
http://www.talosintelligence.com/reports/TALOS-2016-0205
Created mingw-libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1389232]
Affects: epel-7 [bug 1389233]
Comment 3Salvatore Bonaccorso
2016-10-28 05:08:15 UTC
Hi
According to TALOS-2016-0205 the actual CVE ID should be CVE-2016-5875. So is the CVE-2016-5857 alias a typo?
Thanks already for clarification.
Regards,
Salvatore