tiff -- buffer overflow vulnerability

2005-05-10T00:00:00
ID 68222076-010B-11DA-BC08-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2006-06-08T00:00:00

Description

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.