CVE-2012-2088

Priority
Description
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c
in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via a
negative tile depth in a tiff image, which triggers an improper conversion
between signed and unsigned types, leading to a heap-based buffer overflow.
Assigned-to
mdeslaur
Notes
jdstrand: claimed to only affect 3.x, not 4.x
Package
Source: tiff (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (3.9.5-2ubuntu2)
Patches:
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=578148
Vendor: http://patch-tracker.debian.org/patch/series/view/tiff3/3.9.6-6/CVE-2012-2088.patch
More Information

Updated: 2020-03-18 22:09:00 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)