Base Score

MEDIUM6.2

CVE-2016-3186

Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.

VectorLOCAL

Published Bycve@mitre.org

Published DateApr 19, 2016, 14:59

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

6.2

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-updates/2016-04/msg00064.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00075.html
http://www.securitytracker.com/id/1035442
https://access.redhat.com/errata/RHSA-2019:2053
https://bugzilla.redhat.com/show_bug.cgi?id=1319503
https://security.gentoo.org/glsa/201701-16
https://usn.ubuntu.com/3606-1/

Base Score

MEDIUM6.2

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

6.2

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH