CVE-2015-8668

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-8668
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html Exploit Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-1546.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1547.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory
http://www.securityfocus.com/archive/1/537208/100/0/threaded Broken Link VDB Entry
https://security.gentoo.org/glsa/201701-16 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
History

20 Dec 2023, 18:28

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html - Exploit () http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html - Exploit, Third Party Advisory, VDB Entry
References () http://rhn.redhat.com/errata/RHSA-2016-1546.html - () http://rhn.redhat.com/errata/RHSA-2016-1546.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-1547.html - () http://rhn.redhat.com/errata/RHSA-2016-1547.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html - () http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - Third Party Advisory
References () http://www.securityfocus.com/archive/1/537208/100/0/threaded - () http://www.securityfocus.com/archive/1/537208/100/0/threaded - Broken Link, VDB Entry
References () https://security.gentoo.org/glsa/201701-16 - () https://security.gentoo.org/glsa/201701-16 - Third Party Advisory
CWE CWE-119 CWE-787
CPE cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:* cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
First Time Redhat enterprise Linux
Redhat
Redhat enterprise Linux Desktop
Oracle linux
Oracle vm Server
Oracle
Redhat enterprise Linux Workstation
Information

Published : 2016-01-08 19:59

Updated : 2023-12-20 18:28

NVD link : CVE-2015-8668

Mitre link : CVE-2015-8668

CVE.ORG link : CVE-2015-8668

JSON object : View

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_workstation
  • enterprise_linux_desktop

oracle

  • linux
  • vm_server

libtiff

  • libtiff
CWE
CWE-787

Out-of-bounds Write