Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 up to and including 3.8.2, 3.9, and 4.0 allow context-dependent malicious users to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libtiff libtiff 3.8.0 |
||
libtiff libtiff 3.8.1 |
||
libtiff libtiff 3.9 |
||
libtiff libtiff 4.0 |
||
libtiff libtiff 3.8.2 |