{"id":"CVE-2015-8668","details":"Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.","modified":"2026-02-04T05:21:50.222207Z","published":"2016-01-08T19:59:18Z","related":["MGASA-2016-0349","SUSE-SU-2018:2676-1","SUSE-SU-2024:0915-1"],"references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1546.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1547.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/archive/1/537208/100/0/threaded"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-16"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/537208/100/0/threaded"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}