PT-2016-7492 · Libtiff
Published: 2016-10-28 · Updated: 2022-04-19
CVE-2016-8331
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LibTIFF version 4.0.6
Description
A type confusion vulnerability in LibTIFF's handling of TIFF images can be triggered by a crafted TIFF document, potentially allowing remote code execution. Exploitation requires the crafted TIFF file to be delivered to an application that uses LibTIFF's tag extension functionality.
Recommendations
For LibTIFF version 4.0.6, consider avoiding the use of TIFF files or restricting access to the tag extension functionality until a patch is available. As a temporary workaround, disabling the handling of TIFF images may help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Libtiff
Suse
Ubuntu