| Name | CVE-2016-5102 |
| Description | Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-693-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| tiff (PTS) | jessie, jessie (lts) | 4.0.3-12.3+deb8u17 | fixed |
| stretch (security) | 4.0.8-2+deb9u8 | fixed |
| stretch (lts), stretch | 4.0.8-2+deb9u12 | fixed |
| buster (security), buster, buster (lts) | 4.1.0+git191117-2~deb10u9 | fixed |
| bullseye (security), bullseye | 4.2.0-1+deb11u5 | fixed |
| bookworm (security), bookworm | 4.5.0-6+deb12u1 | fixed |
| sid, trixie | 4.5.1+git230720-5 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| tiff | source | wheezy | 4.0.2-6+deb7u7 | | DLA-693-1 | |
| tiff | source | jessie | 4.0.3-12.3+deb8u2 | | | |
| tiff | source | (unstable) | 4.0.6-3 | | | |
| tiff3 | source | wheezy | (not affected) | | | |
| tiff3 | source | (unstable) | (unfixed) | unimportant | | |
Notes
[wheezy] - tiff3 <not-affected> (Does not ship libtiff-tools)
http://bugzilla.maptools.org/show_bug.cgi?id=2552
confirmed this still crashes with latest CVS, version v4.0.6
also confirmed this crashes v4.0.2 in wheezy
Upstream will remove gif2tiff from 4.0.7 release
No patch available. Marked as wontfix by upstream
Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5102.gif
gif2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package