CVE-2016-8331

NameCVE-2016-8331
DescriptionAn exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-693-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tiff (PTS)jessie, jessie (lts)4.0.3-12.3+deb8u17fixed
stretch (security)4.0.8-2+deb9u8fixed
stretch (lts), stretch4.0.8-2+deb9u12fixed
buster (security), buster, buster (lts)4.1.0+git191117-2~deb10u9fixed
bullseye (security), bullseye4.2.0-1+deb11u5fixed
bookworm (security), bookworm4.5.0-6+deb12u1fixed
sid, trixie4.5.1+git230720-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tiffsourcewheezy4.0.2-6+deb7u7DLA-693-1
tiffsourcejessie4.0.3-12.3+deb8u2
tiffsource(unstable)4.0.6-3
tiff3sourcewheezy(not affected)
tiff3source(unstable)(unfixed)

Notes

[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
http://www.talosintelligence.com/reports/TALOS-2016-0190/
thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
From the backtrace shared in the report, we can see that the crash is triggered though the thumbnail tool which has been dropped upstream.

Search for package or bug name: Reporting problems