F5 Networks BIG-IP : LibTIFF vulnerabilities (K89096577)
Medium Nessus Plugin ID 94648
SynopsisThe remote device is missing a vendor-supplied security patch.
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
Note : This was previously referenced as CVE-2016-5320. All CVE users should reference CVE-2016-5314 instead of CVE-2016-5320.
CVE-2015-8784 The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
An attacker can use specially crafted TIFF files to execute arbitrary code with the limited privileges of the image optimization process.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K89096577.