ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libtiff | Libtiff | * | 4.0.3 (including) |