These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-9448 is a denial-of-service vulnerability in libtiff’s TIFFFetchNormalTag parsing path. A crafted TIFF can trigger a NULL pointer dereference and crash when the code handles TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII values that access 0-byte arrays. The issue was described as an incomplete fix for CVE-2016-9297, so systems that only partially remediated the earlier bug may still be exposed.
CVE-2017-5563 is a high-severity libtiff flaw affecting version 4.0.7. According to NVD, a crafted BMP image processed by tools/bmp2tiff can trigger a heap-based buffer over-read in tif_lzw.c. The impact is documented as denial of service and potentially code execution, and the CVSS vector indicates network exposure with user interaction required.
CVE-2016-5323 is a high-severity denial-of-service issue in libtiff’s TIFF parsing path. A crafted TIFF image can trigger a divide-by-zero in _TIFFFax3fillruns, causing the application to crash when it processes the file.
CVE-2016-5321 is a denial-of-service vulnerability in libtiff affecting version 4.0.6 and earlier. A crafted TIFF image can trigger an invalid read in the DumpModeDecode function, leading to a crash. The issue is rated CVSS 6.5 (medium) and requires user interaction because the target must process the malicious image.
CVE-2016-5319 is a publicly disclosed libtiff vulnerability first published on 2017-01-20. According to NVD, libtiff 4.0.6 and earlier are affected by a heap-based buffer overflow in tif_packbits.c. The issue is reachable through a crafted BMP file and is rated medium severity with a CVSS 3.0 vector of AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating remote reachability but user interaction is required and [truncated]
CVE-2016-5318 is a stack-based buffer overflow in libtiff’s _TIFFVGetField function. According to the CVE record, libtiff 4.0.6 and earlier are affected, and a crafted TIFF can be used by a remote attacker to crash the application. The NVD CVSS vector marks this as network-reachable but requiring user interaction, with impact limited to availability.
CVE-2016-9297 is a denial-of-service vulnerability in LibTiff 4.0.6’s TIFFFetchNormalTag handling. Crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values can trigger an out-of-bounds read, making this a parsing risk for software that processes untrusted TIFF files. NVD assigns CVSS 3.0 7.5 (High), and the mapped weakness is CWE-125.
CVE-2016-9273 is a denial-of-service issue in libtiff’s tiffsplit utility. A crafted TIFF file can trigger an out-of-bounds read when TIFF_STRIPCHOP mode changes td_nstrips, potentially crashing the process or otherwise disrupting service. The record was publicly published on 2017-01-18 and is rated CVSS 5.5 (Medium).