| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
An out-of-bounds write flaw was found in libtiff v4.0.6 when using tiffcp command to handle malicious tiff file. The vulnerability exists in the function horizontalDifference8(). An attacker could control the head data of next heap which contains pre_size field and size filed to result in denial of service or arbitrary code execution. |
|
| References |
| + |
http://seclists.org/oss-sec/2016/q2/57 |
| + |
http://bugzilla.maptools.org/show_bug.cgi?id=2544 |
|
| Notes |
|