Talos researchers are warning that the LibTIFF library hosts three critical flaws, all of which can lead to remote code execution.
LibTIFF is a library used to read, write, and process TIFF image files. According to Tyler Bohan, a senior research engineer with the Cisco Talos security team, this library contains three serious security problems which can give attackers the opportunity to compromise user systems.
On October 25, Cisco's Talos said in a blog post the first vulnerability, CVE-2016-5652, is an exploitable heap-based buffer overflow flaw. The bug impacts the LibTIFF TIFF2PDF conversion tool, bundled with the library, which is utilized for JPEG compression.
The second security flaw, CVE-2016-8331, was discovered through the incorrect parsing and handling of TIFF images in the LibTIFF API. In the standard build, RFC 2306, the bug exists in the handling of the 'BadFaxLines' field which can result in a write to out-of-bounds memory issue.
Attackers can craft TIFF files to exploit this flaw and remotely execute code.
The final vulnerability, CVE-2016-5875 is an exploitable heap-based buffer overflow security flaw which can be found within LibTIFF's PixarLogDecode API. The problem is caused by the improper handling of compressed TIFF images and undersized buffers.
If an attacker is able to trick a user into processing a malformed or malicious TIFF document, they are then able to trigger remote code execution on target systems.
There is yet to be an official LibTIFF release which patches these flaws, and one of the vulnerabilities, CVE-2016-8331, remains unpatched. However, users of the library can acquire patches for CVE-2016-5652 and CVE-2016-5875 by accessing LibTIFF's GitHub repository.