Remote code execution in LibTIFF - CVE-2016-8331
Published: October 26, 2016
Vulnerability identifier: #VU1067
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-8331
CWE-ID: CWE-843
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: LibTIFF
Affected software:
LibTIFF
LibTIFF
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code execution om the target system.
The weakness exists due to improper handling of compressed, TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a type confusion condition and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution.
The weakness exists due to improper handling of compressed, TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a type confusion condition and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution.
How to mitigate CVE-2016-8331
Securitylab is temporaly unaware of the patches resolving the vulnerability.