Details of VAR-201604-0195

ID

VAR-201604-0195

CVE

CVE-2015-8784

TITLE

LibTIFF of tif_next.c of NeXTDecode Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007063

DESCRIPTION

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. LibTIFF is prone to a memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code in the affected system. Failed exploit attempts may result in denial-of-service conditions. ============================================================================ Ubuntu Security Notice USN-2939-1 March 23, 2016 tiff vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libtiff5 4.0.3-12.3ubuntu2.1 Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.4 Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.9 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 ===================================================================== 1. Summary: An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320) * Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running applications linked against libtiff must be restarted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: January 09, 2017 Bugs: #484542, #534108, #538318, #561880, #572876, #585274, #585508, #599746 ID: 201701-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libTIFF users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7" References ========== [ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka-- . Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash. For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.2-6+deb7u5. For the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 4.0.6-1. For the unstable distribution (sid), these problems have been fixed in version 4.0.6-1. We recommend that you upgrade your tiff packages. 6) - i386, x86_64 3

Trust: 2.43

sources: NVD: CVE-2015-8784 // JVNDB: JVNDB-2015-007063 // BID: 81696 // VULMON: CVE-2015-8784 // PACKETSTORM: 136385 // PACKETSTORM: 138137 // PACKETSTORM: 140402 // PACKETSTORM: 135662 // PACKETSTORM: 138138

AFFECTED PRODUCTS

vendor:	libtiff	model:	libtiff	scope:	-	version:	-	Trust: 1.4
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	libtiff	model:	libtiff	scope:	lt	version:	4.0.7	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	eq	version:	7.0	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	eq	version:	8.0	Trust: 0.8
vendor:	f5	model:	big-ip aam build	scope:	eq	version:	11.66.204.442	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	7.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam build 685-hf10	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip aam build	scope:	eq	version:	11.5.40.1.256	Trust: 0.3
vendor:	oracle	model:	vm server for	scope:	eq	version:	x863.4	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip aam build	scope:	eq	version:	11.5.110.104.180	Trust: 0.3
vendor:	f5	model:	big-ip aam hf6	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf5	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.1.0.4	Trust: 0.3
vendor:	f5	model:	big-ip aam hf7	scope:	eq	version:	11.6	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.24	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	libtiff	model:	libtiff	scope:	eq	version:	-0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.4.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.2.0.4	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip aam hf11	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry fix pack	scope:	eq	version:	2.22	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf8	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip aam hf4	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf3	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf4	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.36	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf8	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip aam hf9	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf10	scope:	eq	version:	11.4	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf8	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.34	Trust: 0.3
vendor:	f5	model:	big-ip aam build	scope:	eq	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.26	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.4.0.4	Trust: 0.3
vendor:	f5	model:	big-ip aam hf3	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.2	Trust: 0.3
vendor:	f5	model:	big-ip aam hf9	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry fix pack	scope:	eq	version:	2.21	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.2.0.4	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	oracle	model:	vm server for	scope:	eq	version:	x863.3	Trust: 0.3
vendor:	ibm	model:	smartcloud entry fix pack	scope:	eq	version:	2.31	Trust: 0.3
vendor:	f5	model:	big-ip aam hf10	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.3.0.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip aam hf5	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	2.2.0.3	Trust: 0.3
vendor:	f5	model:	big-ip aam hf4	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.3	Trust: 0.3

sources: BID: 81696 // JVNDB: JVNDB-2015-007063 // CNNVD: CNNVD-201602-074 // NVD: CVE-2015-8784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8784
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-8784
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201602-074
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2015-8784
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-8784
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2015-8784
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2015-8784
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2015-8784 // JVNDB: JVNDB-2015-007063 // CNNVD: CNNVD-201602-074 // NVD: CVE-2015-8784

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.8

sources: JVNDB: JVNDB-2015-007063 // NVD: CVE-2015-8784

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 136385 // PACKETSTORM: 138137 // PACKETSTORM: 138138 // CNNVD: CNNVD-201602-074

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201602-074

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007063

PATCH

title:	Bug 2508	url:	http://bugzilla.maptools.org/show_bug.cgi?id=2508	Trust: 0.8
title:	DSA-3467	url:	https://www.debian.org/security/2016/dsa-3467	Trust: 0.8
title:	* libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()	url:	https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c	Trust: 0.8
title:	Silicon Graphics LibTiff'NeXTDecode()' Fixes for function denial of service vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60064	Trust: 0.6
title:	Red Hat: CVE-2015-8784	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-8784	Trust: 0.1
title:	Ubuntu Security Notice: tiff vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2939-1	Trust: 0.1
title:	Debian CVElist Bug Report Logs: tiff: CVE-2015-8683: out-of-bounds read in CIE Lab image format	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=390434416e4acde3bf8b99e4da032c83	Trust: 0.1
title:	Debian CVElist Bug Report Logs: tiff: CVE-2015-8665: out-of-bound read in tif_getimage.c	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=6ec319e5239f23b8cfa3b133cf8edbf4	Trust: 0.1
title:	Debian Security Advisories: DSA-3467-1 tiff -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a8a45052489cbaa9fb33682f27d831b9	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-734	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-734	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-733	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-733	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0bd8c924b56aac98dda0f5b45f425f38	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655	Trust: 0.1

sources: VULMON: CVE-2015-8784 // JVNDB: JVNDB-2015-007063 // CNNVD: CNNVD-201602-074

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8784	Trust: 3.3
db:	BID	id:	81696	Trust: 2.0
db:	OPENWALL	id:	OSS-SECURITY/2016/01/24/4	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/01/24/8	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-007063	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-074	Trust: 0.6
db:	VULMON	id:	CVE-2015-8784	Trust: 0.1
db:	PACKETSTORM	id:	136385	Trust: 0.1
db:	PACKETSTORM	id:	138137	Trust: 0.1
db:	PACKETSTORM	id:	140402	Trust: 0.1
db:	PACKETSTORM	id:	135662	Trust: 0.1
db:	PACKETSTORM	id:	138138	Trust: 0.1

sources: VULMON: CVE-2015-8784 // BID: 81696 // JVNDB: JVNDB-2015-007063 // PACKETSTORM: 136385 // PACKETSTORM: 138137 // PACKETSTORM: 140402 // PACKETSTORM: 135662 // PACKETSTORM: 138138 // CNNVD: CNNVD-201602-074 // NVD: CVE-2015-8784

REFERENCES

url:	http://bugzilla.maptools.org/show_bug.cgi?id=2508	Trust: 2.0
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 2.0
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/81696	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2939-1	Trust: 1.8
url:	https://security.gentoo.org/glsa/201701-16	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-1547.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-1546.html	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2016/01/24/4	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/01/24/8	Trust: 1.7
url:	https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c	Trust: 1.7
url:	http://www.debian.org/security/2016/dsa-3467	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8784	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8784	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8782	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8781	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8683	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8784	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8665	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8783	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2015-8784	Trust: 0.3
url:	http://www.libtiff.org/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193	Trust: 0.3
url:	http://seclists.org/oss-sec/2016/q1/191	Trust: 0.3
url:	https://support.f5.com/kb/en-us/solutions/public/k/89/sol89096577.html?sr=59127075	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3632	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8668	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8127	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7554	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8130	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9655	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8129	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9330	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1547	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2014-8129	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-9330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3991	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8665	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8683	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3632	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3945	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8782	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3945	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-8127	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8781	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5320	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-9655	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-5320	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3990	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3991	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8783	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-8130	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-1547	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3990	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-7554	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8668	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/2939-1/	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.9	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/4.0.3-12.3ubuntu2.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3625	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8128	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3633	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3622	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3624	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4243	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3621	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3631	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3620	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3186	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3619	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7313	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1

CREDITS

Salvatore Bonaccorso

Trust: 0.9

sources: BID: 81696 // CNNVD: CNNVD-201602-074

SOURCES

db:	VULMON	id:	CVE-2015-8784
db:	BID	id:	81696
db:	JVNDB	id:	JVNDB-2015-007063
db:	PACKETSTORM	id:	136385
db:	PACKETSTORM	id:	138137
db:	PACKETSTORM	id:	140402
db:	PACKETSTORM	id:	135662
db:	PACKETSTORM	id:	138138
db:	CNNVD	id:	CNNVD-201602-074
db:	NVD	id:	CVE-2015-8784

LAST UPDATE DATE

2024-08-14T13:05:21.599000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2015-8784	date:	2019-12-31T00:00:00
db:	BID	id:	81696	date:	2016-12-20T01:01:00
db:	JVNDB	id:	JVNDB-2015-007063	date:	2016-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201602-074	date:	2020-01-02T00:00:00
db:	NVD	id:	CVE-2015-8784	date:	2019-12-31T18:56:22.940

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2015-8784	date:	2016-04-13T00:00:00
db:	BID	id:	81696	date:	2016-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2015-007063	date:	2016-04-20T00:00:00
db:	PACKETSTORM	id:	136385	date:	2016-03-23T23:14:58
db:	PACKETSTORM	id:	138137	date:	2016-08-02T23:00:03
db:	PACKETSTORM	id:	140402	date:	2017-01-09T19:12:35
db:	PACKETSTORM	id:	135662	date:	2016-02-08T18:25:00
db:	PACKETSTORM	id:	138138	date:	2016-08-02T23:00:12
db:	CNNVD	id:	CNNVD-201602-074	date:	2016-01-24T00:00:00
db:	NVD	id:	CVE-2015-8784	date:	2016-04-13T17:59:06.490