Arbitrary Code Execution

2019-01-1508:57:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.044 Low

EPSS

Percentile

92.5%

JSON

libtiff is vulnerable to arbitrary code execution attacks. The vulnerability exists as a heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.

CPENameOperatorVersion
libtiffeq3.9.4__6.el6_3
libtiffeq3.9.4__1.el6
libtiffeq3.8.2__7.el5_5.5
libtiffeq3.9.4__9.el6_3
libtiffeq3.8.2__7.el5
libtiffeq3.8.2__7.el5_3.4
libtiffeq3.9.4__1.el6_0.1
libtiffeq3.8.2__7.el5_6.6
libtiffeq3.8.2__18.el5_8
libtiffeq3.8.2__15.el5_8

Name	Operator	Version
libtiff	eq	3.9.4__6.el6_3
libtiff	eq	3.9.4__1.el6
libtiff	eq	3.8.2__7.el5_5.5
libtiff	eq	3.9.4__9.el6_3
libtiff	eq	3.8.2__7.el5
libtiff	eq	3.8.2__7.el5_3.4
libtiff	eq	3.9.4__1.el6_0.1
libtiff	eq	3.8.2__7.el5_6.6
libtiff	eq	3.8.2__18.el5_8
libtiff	eq	3.8.2__15.el5_8