{
  "threat_severity" : "Low",
  "public_date" : "2016-04-07T00:00:00Z",
  "bugzilla" : {
    "description" : "libtiff: Division by zero in fpAcc function",
    "id" : "1324823",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1324823"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "draft"
  },
  "cwe" : "CWE-369",
  "details" : [ "The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image." ],
  "statement" : "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "acknowledgement" : "Red Hat would like to thank Mei Wang (Qihoo 360) for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "libtiff",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "libtiff",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "compat-libtiff3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "libtiff",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-3622\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3622" ],
  "name" : "CVE-2016-3622",
  "csaw" : false
}