9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.034 Low
EPSS
Percentile
91.3%
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in
ImageIO in Apple iTunes before 10.2 on Windows and other products, allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted TIFF image with JPEG encoding.
Author | Note |
---|---|
mdeslaur | this doesn’t reproduce on 3.9.4 in lucid+ |