2 matches found
libtiff: integer overflow in function TIFFReadRGBATileExt of the file
An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tifgetimage.c file, and may lead to a buffer overflow...
libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c
tifgetimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition...