#VU1067 Remote code execution in LibTIFF - CVE-2016-8331
Published: October 26, 2016
Vulnerability identifier: #VU1067
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-8331
CWE-ID: CWE-843
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
LibTIFF
LibTIFF
Software vendor:
LibTIFF
LibTIFF
Description
The vulnerability allows a remote unauthenticated user to execute arbitrary code execution om the target system.
The weakness exists due to improper handling of compressed, TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a type confusion condition and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution.
The weakness exists due to improper handling of compressed, TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a type confusion condition and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution.
Remediation
Securitylab is temporaly unaware of the patches resolving the vulnerability.