| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based buffer overflow via JPEG Compression Tables resulting in remote code execution. This vulnerability can be triggered via a saved TIFF file delivered by other means. |
|
| References |
| + |
http://www.talosintelligence.com/reports/TALOS-2016-0187/ |
| + |
https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63 |
|
| Notes |
|