Submitted by Vincent (CVE) Danen on Fri, 09/18/2015 - 07:34
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a TIFF image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
CVE-2012-2088 libtiff: Type conversion flaw leading to heap-buffer overflow
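
The class of flaw described above, shown as an added example (this is not libtiff's code and not taken from the advisory): an unchecked signed-to-unsigned conversion of a tile dimension beside a validated form. The function names, the `max_samples` cap and the sample dimensions are assumptions made for illustration, and the hardened form also checks width, length and multiplication overflow, which goes beyond the negative-depth case named in the description.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not libtiff code: the flawed pattern. A signed
 * depth is converted to unsigned and multiplied without any checks. */
static uint32_t naive_tile_samples(int32_t width, int32_t length, int32_t depth)
{
    /* depth = -1 becomes 4294967295; the product wraps modulo 2^32. */
    return (uint32_t)width * (uint32_t)length * (uint32_t)depth;
}

/* Hardened form: reject non-positive dimensions before any conversion,
 * then bound the product. Returns 0 on success, -1 when rejected. */
static int checked_tile_samples(int32_t width, int32_t length, int32_t depth,
                                size_t max_samples, size_t *out)
{
    if (width <= 0 || length <= 0 || depth <= 0)
        return -1;                      /* negative or zero field */
    /* Two positive int32 values multiply to less than 2^62: no wrap. */
    uint64_t n = (uint64_t)width * (uint64_t)length;
    if (n > max_samples / (uint64_t)depth)
        return -1;                      /* product would exceed the cap */
    *out = (size_t)(n * (uint64_t)depth);
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed sample values: a 64x64 tile with depth 1, then depth -1. */
    printf("naive(64,64,1)    = %u\n", (unsigned)naive_tile_samples(64, 64, 1));
    printf("naive(64,64,-1)   = %u\n", (unsigned)naive_tile_samples(64, 64, -1));
    int rc = checked_tile_samples(64, 64, -1, (size_t)1 << 28, &n);
    printf("checked(64,64,-1) -> %d\n", rc);
    rc = checked_tile_samples(64, 64, 1, (size_t)1 << 28, &n);
    printf("checked(64,64,1)  -> %d (n=%zu)\n", rc, n);
    return 0;
}
```

A size computed the naive way no longer matches the data the decoder goes on to process, which is how a signedness error of this kind turns into a heap-based overflow; validating the signed fields before any cast removes the mismatch.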
Red Hat Security Errata
| Platform | Errata | Release date |
|---|---|---|
| Red Hat Enterprise Linux 6 (libtiff) | RHSA-2012:1054 | 2012-07-03 |
| Red Hat Enterprise Linux 5 (libtiff) | RHSA-2012:1054 | 2012-07-03 |