CVE-2016-8331: Type Confusion in Tiff

CWE-843: Type Confusion | 13 documents | 8 sources
Severity: 8.1 HIGH (NVD)
EPSS: 6.2% (top 9.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 28
Latest update: May 13

Description

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

NVD: libtiff/libtiff 4.0.6
debian: debian/tiff < tiff 4.0.6-3 (bookworm)

🔴 Vulnerability Details (2)

GHSA: GHSA-q4f8-9474-jr7m: An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4 (2022-05-13)
OSV: CVE-2016-8331: An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4 (2016-10-28)

📋 Vendor Advisories (4)

Ubuntu: LibTIFF vulnerabilities (2017-07-19)
Ubuntu: LibTIFF vulnerabilities (2017-02-27)
Red Hat: libtiff: FAX IFD Entry Parsing Type Confusion (2016-10-25)
Debian: CVE-2016-8331: tiff - An exploitable remote code execution vulnerability exists in the handling of TIF... (2016)

🕵️ Threat Intelligence (2)

Talos: Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution (2016-10-25)
Talos: Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution (2016-10-25)

💬 Community (4)

Bugzilla: CVE-2016-8331 libtiff: FAX IFD Entry Parsing Type Confusion (2016-10-27)
Bugzilla: CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 mingw-libtiff: various flaws [epel-7] (2016-10-27)
Bugzilla: CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 libtiff: various flaws [fedora-all] (2016-10-27)
Bugzilla: CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 mingw-libtiff: various flaws [fedora-all] (2016-10-27)