Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libtiff | Libtiff | 3.9.4 (including) | 3.9.4 (including) |