CVE-2016-8331 - An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF

CVE-2016-8331

Summary

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.

References

http://www.talosintelligence.com/reports/TALOS-2016-0190/
http://www.securityfocus.com/bid/93898
https://security.gentoo.org/glsa/201701-16

Vulnerable Configurations

cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 19-04-2022 - 20:15)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	93898
gentoo	GLSA-201701-16
misc	http://www.talosintelligence.com/reports/TALOS-2016-0190/

Last major update

19-04-2022 - 20:15

Published

28-10-2016 - 20:59

Last modified

19-04-2022 - 20:15