Remote code execution in LibTIFF - CVE-2016-5652
Published: October 26, 2016
Vulnerability identifier: #VU1066
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-5652
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: LibTIFF
Affected software:
LibTIFF
LibTIFF
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code execution om the target system.
The weakness exists due to improper handling of compressed, TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a heap-buffer overflow and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution.
The weakness exists due to improper handling of compressed, TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a heap-buffer overflow and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution.
How to mitigate CVE-2016-5652
Securitylab is temporaly unaware of the patches resolving the vulnerability.