{ "threat_severity" : "Low", "public_date" : "2016-11-07T00:00:00Z", "bugzilla" : { "description" : "libtiff: Out-of-bounds heap read in cpStrips", "id" : "1395164", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1395164" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status" : "draft" }, "cvss3" : { "cvss3_base_score" : "3.3", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status" : "draft" }, "cwe" : "CWE-125", "details" : [ "tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.", "An out-of-bounds heap read was discovered in libtiff. A crafted file could cause the application to crash or, potentially, disclose process memory." ], "statement" : "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "libtiff", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "libtiff", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "compat-libtiff3", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "libtiff", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-9273\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9273" ], "name" : "CVE-2016-9273", "csaw" : false }