- Description
- Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-189
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44BC5E2C-B6A6-4999-A1EA-B91DA5C350C7"
},
{
"criteria": "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2850FD9-8BE8-410E-8A24-28549DAACEB3"
},
{
"criteria": "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60A24DC5-2DF5-4CA2-A0CD-BE0650CA6F5B"
},
{
"criteria": "cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81A01676-7D0B-4F92-A874-28ACDB728A5F"
},
{
"criteria": "cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "771AFF6D-7E21-4773-9B5B-FBDAAF7E0E57"
}
],
"operator": "OR"
}
]
}
]