An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. The vulnerability can be triggered via a saved TIFF file delivered by other means.
[
  {
    "product": "LibTiff",
    "vendor": "LibTiff",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.6"
      }
    ]
  }
]