Inspection and Sanitization Guidance for TIFF File Formats

Abstract: The purpose of this Inspection, Sanitization, and Guidance (ISG) document is to provide guidance for the development of a sanitization and analysis software tool for different versions of Tag Image File Format (TIFF), BigTIFF, and GeoTIFF.  This document analyzes various elements and objects that are contained within the TIFF file structure and then discusses data hiding, data attack, and data disclosure risks.  It will describe how these elements can be a cause for concern from hidden, sensitive data or from possible attempts to exploit a system.  This document provides numerous recommendations and mitigations that could be used to ensure the TIFF file is safer and more accurately conforms to the specification.

Date Published:

Last Reviewed: 11 December 2017

Identifier: U/OO/234071-17

Dissemination Control: N/A

Length: 61 page(s)

Format: pdf

Type: Reference/Overview; Report

Tags: National Security Agency - NSA; Cyber; Guidance; Exploitation; Vulnerability; Data