These Vulnerabilities were discovered by Tyler Bohan of Cisco Talos.
Talos is releasing multiple vulnerabilities (TALOS-2016-0187, TALOS-2016-0190 & TALOS-2016-0205) in the LibTIFF library . One vulnerability (TALOS-2016-0187) is an exploitable heap based buffer overflow that impacts the LibTIFF TIFF2PDF conversion tool. Another vulnerability (TALOS-2016-0190) impacts the parsing and handling of TIFF images ultimately leading to remote code execution. The final vulnerability (TALOS-2016-0205) is an exploitable heap based buffer overflow in the handling of compressed TIFF images in LibTIFF's PixarLogDecode API. An attacker who can trick a user into processing a malformed TIFF document can use one of these vulnerabilities to achieve remote code execution on the targeted system.
The Tagged Image File Format (TIFF) was developed in the mid-1980's as a common file format able to store image data in a lossless format for the burgeoning image manipulation industry. Since then TIFF files have been widely adopted within the graphic arts industry, and also by electronic fax systems.
«Read_More»
Tags:
Cisco Systems Inc. published this content on 25 October 2016 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 25 October 2016 16:15:05 UTC.
Original documenthttp://blogs.cisco.com/security/talos/libtiff-code-execution
Public permalinkhttp://www.publicnow.com/view/18157EDF7E4DB85E7AA0370780D2709376CE463E
Cisco Systems, Inc. is the world leader in designing, developing, and marketing Internet network equipment. Net sales break down by family of products and services as follows:
- network equipment (68.9%); switches and routers, technological software and systems (storage, Internet access, and security systems, wiring, gateways, connection interfaces and modules, etc.), etc.;
- services (24.3%): technical assistance, network design, execution, and integration services, etc.;
- security products (6.8%).
Net sales are distributed geographically as follows: Americas (58.7%), Europe/Middle East/Africa (26.6%) and Asia/Pacific (14.7%).