CVE-2015-7554
📋 TL;DR
This vulnerability in libtiff allows attackers to cause a denial of service (crash) or potentially execute arbitrary code by providing specially crafted TIFF image files. It affects any application that uses libtiff to process TIFF images, including image viewers, document processors, and web applications that handle image uploads.
💻 Affected Systems
- libtiff
- applications using libtiff library
📦 What is this software?
libtiff, the open-source C library for reading and writing TIFF images, maintained by the libtiff project
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise if an attacker can upload or trigger processing of a malicious TIFF file.
Likely Case
Denial of service through application crashes when processing malicious TIFF files, potentially disrupting services that handle image uploads.
If Mitigated
Limited impact with proper input validation and sandboxing; crashes contained to isolated processes.
🎯 Exploit Status
Proof-of-concept exploit code is publicly available, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: libtiff 4.0.7 and later
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-1546.html
Restart Required: Yes
Instructions:
1. Update the libtiff package using the system package manager.
2. For Linux: 'sudo yum update libtiff' or 'sudo apt-get update && sudo apt-get upgrade libtiff'.
3. Recompile applications statically linked to libtiff.
4. Restart affected services.
🔧 Temporary Workarounds
Disable TIFF processing
Block or reject TIFF file uploads/processing in applications
Input validation
Implement strict file type validation and size limits for image uploads
🧯 If You Can't Patch
- Implement network segmentation to isolate systems processing TIFF files
- Deploy application sandboxing or containerization to limit exploit impact
🔍 How to Verify
Check if Vulnerable:
Check the libtiff version: 'tiffinfo --version' (the usage text begins with the library banner) or 'ldconfig -p | grep libtiff'. Note that the shared-object name reported by ldconfig (libtiff.so.5 for the whole 4.0.x series) does not identify the patch release, so confirm the exact version with the package manager.
Check Version:
tiffinfo --version 2>&1 | head -1
Verify Fix Applied:
Verify that the installed libtiff version is 4.0.7 or higher: 'rpm -q libtiff' or 'dpkg -l 'libtiff*'' (quote the pattern so the shell does not expand it). Compare versions numerically, field by field, not as strings, since "4.0.10" sorts before "4.0.7" lexically.
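The version checks above, as an added POSIX sh example that is not part of the advisory: it compares a dotted version against the 4.0.7 threshold field by field, extracts the version from the banner that TIFFGetVersion() prints at the top of tiffinfo's usage text or from an rpm package name, and reports the host's status. The banner and package-name formats are assumptions; the sample strings are constructed.

```sh
# Added example: is the installed libtiff at or above the fixed release (4.0.7)?
# Versions are compared field by field, since "4.0.10" sorts below "4.0.7" as a string.
FIXED_VERSION="4.0.7"

# vercmp A B: prints -1, 0 or 1 as A is lower than, equal to or higher than B.
# Distro suffixes such as "-27.el7" or "rc1" are dropped before comparing.
vercmp() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while :; do
        fa=$(printf '%s' "$a" | cut -d. -f"$i")
        fb=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ -z "$fa" ] && [ -z "$fb" ]; then printf '%s\n' 0; return 0; fi
        fa=${fa:-0}; fb=${fb:-0}      # "4.0" compares equal to "4.0.0"
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return 0; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return 0; fi
        i=$((i + 1))
    done
}

# libtiff_is_fixed VERSION: exit status 0 if VERSION >= 4.0.7, else 1.
libtiff_is_fixed() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -ge 0 ]
}

# extract_version TEXT: pull the dotted version out of either the tiffinfo banner
# (assumed format "LIBTIFF, Version 4.0.6") or an rpm name ("libtiff-4.0.3-27.el7.x86_64").
extract_version() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^LIBTIFF, Version \([0-9][0-9.]*\).*/\1/p' \
        -e 's/^libtiff-\([0-9][0-9.]*\)-.*/\1/p' | head -n 1
}

# check_host: run the advisory's checks on this host; 0 = fixed, 1 = vulnerable/unknown.
check_host() {
    out=$(tiffinfo --version 2>&1 || true)      # usage text on stderr carries the banner
    v=$(extract_version "$out")
    if [ -z "$v" ] && command -v rpm >/dev/null 2>&1; then
        v=$(extract_version "$(rpm -q libtiff 2>/dev/null || true)")
    fi
    if [ -z "$v" ]; then echo "libtiff version could not be determined"; return 1; fi
    if libtiff_is_fixed "$v"; then echo "libtiff $v: fixed"; return 0; fi
    echo "libtiff $v: VULNERABLE to CVE-2015-7554, update to $FIXED_VERSION or later"; return 1
}
```

Run `check_host` on a host to get a one-line verdict; the helpers can be sourced into other audit scripts.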
📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation faults
- Memory corruption errors in system logs
- Unusual TIFF file processing patterns
Network Indicators:
- Unusual TIFF file uploads to web applications
- TIFF files with abnormal sizes or structures
SIEM Query:
source=*app.log* (segfault OR "memory corruption" OR "invalid write") AND (tiff OR .tif)
🔗 References
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00078.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00081.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00100.html
- http://packetstormsecurity.com/files/135078/libtiff-4.0.6-Invalid-Write.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://seclists.org/fulldisclosure/2015/Dec/119
- http://www.openwall.com/lists/oss-security/2015/12/26/7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/archive/1/537205/100/0/threaded
- http://www.securityfocus.com/bid/79699
- https://security.gentoo.org/glsa/201701-16