tif_getimage.c in LibTIFF up to and including 4.0.10, as used in GDAL up to and including 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Vulnerable Product |
---|
libtiff libtiff |
osgeo gdal |