{"id":"CVE-2016-5316","details":"Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.","modified":"2026-05-15T12:02:36.482925913Z","published":"2017-01-20T15:59:00.300Z","related":["SUSE-SU-2016:2271-1","SUSE-SU-2016:2527-1","openSUSE-SU-2024:10554-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"13.1"},{"last_affected":"13.2"}],"source":"CPE_FIELD","vendor_product":"opensuse:opensuse"},{"cpes":["cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*"],"vendor_product":"opensuse_project:leap","source":"CPE_FIELD","extracted_events":[{"last_affected":"42.1"}]}]},"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/91203"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3762"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/15/3"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-16"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}