9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.1%
Tielei Wang:
Multiple integer overflows in inter-color spaces conversion
tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow
context-dependent attackers to execute arbitrary code via a
TIFF image with large (1) width and (2) height values, which
triggers a heap-based buffer overflow in the (a) cvt_whole_image
function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.