CVE-2016-9540 libtiff: cpStripToTile heap-buffer-overflow

Unitrends
Backup
General

CVE ID

CVE-2016-9540

DESCRIPTION

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images
with odd tile width versus image width. Reported as MSVR 35103, aka
"cpStripToTile heap-buffer-overflow."

CVSS3 Base Score 7

Related CVEs: CVE-2016-9537, CVE-2016-9536, CVE-2016-9535, CVE-2016-9534, CVE-2016-9533

RESOLUTION

Fixed in latest Unitrends security update with
libtiff-3.9.4-21.el6_8

LINK TO ADVISORIES

https://nvd.nist.gov/vuln/detail/CVE-2016-9540 https://access.redhat.com/security/cve/cve-2016-9540 https://access.redhat.com/security/cve/cve-2016-9537 https://access.redhat.com/security/cve/cve-2016-9536 https://access.redhat.com/security/cve/cve-2016-9535 https://access.redhat.com/security/cve/cve-2016-9534 https://access.redhat.com/security/cve/cve-2016-9533

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Contact us

Browse this section

How to upgrade the appliance via Unitrends' media (Air Gap / Offline updates)
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.1
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5
UnitrendsMSP: Remove appliance
Steps to perform post a successful migration steps on CentOS6 UB (CentOS6 to CentOS7)
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.4.11
Upgrade fails when upgrading from version 10.2 or older
8006-8012 appliance disk replacement process
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.4.10
Gen 7, Gen 8, UMSP and MAX Appliance Datasheets