An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFFs tag extension functionality.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libtiff | Libtiff | 4.0.6 (including) | 4.0.6 (including) |