CVE-2012-2113

Priority
Description
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted TIFF image, which triggers a
heap-based buffer overflow.
Notes
 mdeslaur> can be reproduced with CVE-2012-1173 reproducer with
 mdeslaur> "tiff2pdf poc.tif"
Assigned-to
mdeslaur
Package
Source: tiff (LP Ubuntu Debian)
Upstream: released (4.0.2)
Ubuntu 12.04 ESM (Precise Pangolin): released (3.9.5-2ubuntu2)
Patches:
Other: https://bugzilla.redhat.com/attachment.cgi?id=578149

Updated: 2018-10-22 14:01:18 UTC (commit 03ef231d584286304e54ae60f0de485bd42f2da8)