{"id":"CVE-2016-10270","details":"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 8\" and libtiff/tif_read.c:523:22.","modified":"2026-04-16T06:18:08.591585914Z","published":"2017-03-24T19:59:00.283Z","related":["SUSE-SU-2017:1044-1","SUSE-SU-2018:1472-1","openSUSE-SU-2024:11461-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/97200"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3844"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"},{"type":"FIX","url":"https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vadz/libtiff","events":[{"introduced":"0"},{"last_affected":"b28076b056eba9d665881bab139d21b21137fd2d"},{"fixed":"9a72a69e035ee70ff5c41541c8c61cd97990d018"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.7"}]}}],"versions":["Pre360","Release-","Release-3-7-0","Release-v3-5-","Release-v3-5-4","Release-v3-5-5","Release-v3-5-7","Release-v3-6-0","Release-v3-6-0beta2","Release-v3-6-1","Release-v3-7-0-alpha","Release-v3-7-0beta","Release-v3-7-0beta2","Release-v3-7-1","Release-v3-7-2","Release-v3-7-3","Release-v3-7-4","Release-v3-8-0","Release-v3-8-1","Release-v3-8-2","Release-v4-0-0","Release-v4-0-0alpha","Release-v4-0-0alpha4","Release-v4-0-0alpha5","Release-v4-0-0alpha6","Release-v4-0-0beta7","Release-v4-0-1","Release-v4-0-2","Release-v4-0-3","Release-v4-0-4","Release-v4-0-4beta","Release-v4-0-5","Release-v4-0-6","Release-v4-0-7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10270.json","vanir_signatures":[{"source":"https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018","deprecated":false,"id":"CVE-2016-10270-21043118","digest":{"function_hash":"217570062935108207213506467783707032506","length":419},"target":{"file":"libtiff/tif_strip.c","function":"TIFFNumberOfStrips"},"signature_type":"Function","signature_version":"v1"},{"source":"https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018","deprecated":false,"id":"CVE-2016-10270-438ef051","digest":{"line_hashes":["227979037930115295549200606344797044780","304064853075978727773745147678512944439","247178991344022167237135730424070535552","281215183600724245730294442974530095132","305164763526171681635348485961970663495","178073106303980633009179021628806583257","124692354437170973845498308911739901343","114172573406440844168977052736038871039","216187158007511905708691702014797602141","2879496617748360527738794824120368194","104995666070552702337610097727930891288","115243487901340338471005043152426292490","139147012495639512798477566459269828020","105464633538825495977824827820924822994","107723553272322545637638858690250870762","290931200856179411197202820462678260933","53478847736288984055319536672304171640","47816606002615624330881726773444678337","41175390837799653466983724778626736192","71200253766754932186272388276437218414","203193398437237192607582729440697709897","70722196196013249240151454962309002082","326510936351076789053991261527542020492","272834617046870365591399382044184695558","181871094969194701087817509287023198281","254431987391002376872065047137279717069","269526769066251921302003633010157440788","202417575990367002590428723634683427130","302339418109204909993807813573261863499"],"threshold":0.9},"target":{"file":"libtiff/tif_dirread.c"},"signature_type":"Line","signature_version":"v1"},{"source":"https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018","signature_type":"Function","id":"CVE-2016-10270-b0b62bfc","digest":{"function_hash":"202781527579831873861974969934754624663","length":1623},"deprecated":false,"target":{"file":"libtiff/tif_dirread.c","function":"ChopUpSingleUncompressedStrip"},"signature_version":"v1"},{"source":"https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018","deprecated":false,"target":{"file":"libtiff/tif_strip.c"},"digest":{"line_hashes":["251259821279157970787903007296993735349","216789091117803774823384587008877918412","335551065774136630098571473824439443675","89261644350307141058375409406669172333","102137725275466551305934319509417008195"],"threshold":0.9},"id":"CVE-2016-10270-c10031cd","signature_version":"v1","signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T03:43:29Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}