Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile
functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode
is enabled, allow remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted TIFF image, which triggers an
out-of-bounds write.
Author | Note |
---|---|
mdeslaur | RHEL patch is incorrect, see upstream bug |