Remote Code Execution via Crafted TIFF Images in LibTIFF 4.0.6

Remote Code Execution via Crafted TIFF Images in LibTIFF 4.0.6

CVE-2016-8331 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.

Learn more about our Web Application Penetration Testing UK.