
Sid 1-51097


FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt


This event is generated upon download of a potentially crafted TIFF file.


Attempted User Privilege Gain

Detailed information

Crafted JBIG compressed TIFF files will crash multiple products using vulnerable versions of libtiff.

Affected systems

  • libtiff v.4.0.9 and prior

Ease of attack

False positives

False negatives

Corrective action

Upgrade all products using vulnerable libtiff versions.


  • Cisco Talos Intelligence Group

Additional References

  • CVE-2018-18557