Think you have a false positive on this rule?

Sid 1-51094

Message

FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt

Summary

This event is generated upon download of a potentially crafted TIFF file.

Impact

Attempted User Privilege Gain

Detailed information

Crafted JBIG compressed TIFF files will crash multiple products using vulnerable versions of libtiff.

Affected systems

  • libtiff v.4.0.9 and prior

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2018-18557