| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
A stack-based buffer overflow vulnerability was reported in thumbnail's _TIFFVGetField() function. Memory corruption can be triggered when handling maliciously crafted tiff file causing application to crash or possibly execute arbitrary code. |
|
| References |
| + |
http://bugzilla.maptools.org/show_bug.cgi?id=2561 |
| + |
http://seclists.org/oss-sec/2016/q2/486 |
|
| Notes |
| + |
reproducer: http://bugzilla.maptools.org/attachment.cgi?id=671 |
| + |
thumbnail tool removed upstream in 4.0.7 |
|