CVE-2016-9540 libtiff: cpStripToTile heap-buffer-overflow

Unitrends
Backup
General

CVE ID

CVE-2016-9540

DESCRIPTION

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images
with odd tile width versus image width. Reported as MSVR 35103, aka
"cpStripToTile heap-buffer-overflow."

CVSS3 Base Score 7

Related CVEs: CVE-2016-9537, CVE-2016-9536, CVE-2016-9535, CVE-2016-9534, CVE-2016-9533

RESOLUTION

Fixed in latest Unitrends security update with
libtiff-3.9.4-21.el6_8

LINK TO ADVISORIES

https://nvd.nist.gov/vuln/detail/CVE-2016-9540 https://access.redhat.com/security/cve/cve-2016-9540 https://access.redhat.com/security/cve/cve-2016-9537 https://access.redhat.com/security/cve/cve-2016-9536 https://access.redhat.com/security/cve/cve-2016-9535 https://access.redhat.com/security/cve/cve-2016-9534 https://access.redhat.com/security/cve/cve-2016-9533

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Contact us

Browse this section

How to upgrade the appliance via Unitrends' media (Air Gap / Offline updates)
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.4
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.3
How to disable an unused network interface to prevent conflict or accidental routing.
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.2
CBTDriverError:uvbCbtSnapshotCreationStarted <CBT_CTL_DUPLICATE_SNAPSHOT_CREATE>
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.1
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5
UnitrendsMSP: Remove appliance
Steps to perform post a successful migration steps on CentOS6 UB (CentOS6 to CentOS7)