CVE-2009-2347

Priority
Description
Multiple integer overflows in inter-color spaces conversion tools in
libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers
to execute arbitrary code via a TIFF image with large (1) width and (2)
height values, which triggers a heap-based buffer overflow in the (a)
cvt_whole_image function in tiff2rgba and (b) tiffcvt function in
rgb2ycbcr.
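The bug class in the description, shown as an added example (not libtiff code and not the upstream fix): a raster size computed from image width and height in 32-bit arithmetic wraps, so the allocation is far smaller than the pixel data written into it. The 4-bytes-per-pixel layout, the 1 GiB cap, the function names and the sample dimensions are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL  4u          /* assumed: one packed 32-bit RGBA word per pixel */
#define MAX_RASTER_BYTES (1u << 30)  /* hypothetical policy cap: 1 GiB per raster */

/* Unsafe pattern: the product is evaluated in 32 bits and silently wraps. */
uint32_t raster_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Hardened pattern: widen before multiplying and bound the pixel count
 * before the final multiply. Returns 0 and sets *out on success, or -1
 * when the dimensions are zero or exceed the cap. */
int raster_bytes_checked(uint32_t width, uint32_t height, uint32_t *out)
{
    uint64_t pixels = (uint64_t)width * height;  /* cannot overflow 64 bits */

    if (width == 0 || height == 0)
        return -1;
    if (pixels > MAX_RASTER_BYTES / BYTES_PER_PIXEL)
        return -1;
    *out = (uint32_t)(pixels * BYTES_PER_PIXEL);
    return 0;
}

int main(void)
{
    /* Constructed header values: the true size is about 16 GiB. */
    uint32_t w = 0x10001u, h = 0x10000u, size = 0;

    printf("unchecked size: %llu bytes\n",
           (unsigned long long)raster_bytes_unchecked(w, h));
    if (raster_bytes_checked(w, h, &size) != 0)
        printf("checked: dimensions rejected before allocation\n");
    return 0;
}
```

A converter that sizes its buffer with the unchecked form and then writes width × height pixels overruns the heap allocation; rejecting the image before allocating removes that path.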
Assigned-to
mdeslaur
Package
Source: tiff (LP Ubuntu Debian)
Upstream: released (3.8.2-13)
More Information

Updated: 2019-03-19 11:50:13 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)