F5 Networks BIG-IP : LibTIFF vulnerability (K11220361)
Medium Nessus Plugin ID 105400
Synopsis
The remote device is missing a vendor-supplied security patch.

Description
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

This vulnerability allows a remote attacker to cause a denial-of-service (DoS) attack. BIG-IP systems that use a BIG-IP AAM or BIG-IP WebAccelerator policy configured with the Image Optimization settings enabled for TIFF files are vulnerable to this issue.

Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K11220361.