FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt
Vulnerabilities in multiple products' TIFF image parsers allow for potential remote code execution via a crafted .tiff or .tif file.
Potential user access to a victim's machine.
CVE-2016-4631:
CVSS base score 8.8
CVSS impact score 5.9
CVSS exploitability score 2.8
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
This rule checks for an attempt to exploit a buffer overflow vulnerability via a crafted .tiff or .tif file. CVE-2016-4631: ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
Hard
None known
None known