Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:23725
HistoryApr 10, 2020 - 12:34 a.m.

Arbitrary Code Execution

2020-04-1000:34:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15

EPSS

0.008

Percentile

81.9%

libtiff is vulnerable to arbitrary code execution. The vulnerability exists as multiple uses of uninitialized values were discovered in libtiff’s Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.

References