A NULL pointer dereference flaw was found in Libtiff’s LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
[
{
"vendor": "n/a",
"product": "libtiff",
"versions": [
{
"version": "Fixed in libtiff v4.5.0",
"status": "affected"
}
]
}
]