CVE-2016-9297

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.6

Description The issue is related to the TIFFFetchNormalTag function in the LibTIFF library, which is caused by an out-of-bounds operation on the stack. This can be exploited by a remote attacker using specially crafted files or tags, potentially leading to a denial of service due to out-of-bounds memory read. The exploitation may involve crafted TIFF SETGET C16ASCII or TIFF SETGET C32 ASCII tag values.

Recommendations For LibTIFF version 4.0.6, consider updating to a newer version that addresses this issue, as using crafted tag values can lead to a denial of service. As a temporary workaround, consider restricting the use of the TIFFFetchNormalTag function or validating input files and tags to minimize the risk of exploitation.