Arch Linux: Arbitrary code execution (CVE-2016-3990)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Sep 21, 2016 | Jul 11, 2025 | Nov 27, 2025 |
Description
An out-of-bounds write flaw was found in libtiff v4.0.6 when using the tiffcp command to handle a malicious TIFF file. The vulnerability exists in the function horizontalDifference8(). An attacker could control the head data of the next heap chunk, which contains the pre_size and size fields, resulting in denial of service or arbitrary code execution.
Solution
arch-linux-upgrade-latest