CVE-2012-1173

Published: 4 April 2012

Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.

Priority

Medium

Status

Package: tiff (Launchpad, Ubuntu, Debian)

Release     Status
hardy       Released (3.8.2-7ubuntu3.10)
lucid       Released (3.9.2-2ubuntu0.8)
maverick    Released (3.9.4-2ubuntu0.5)
natty       Released (3.9.4-5ubuntu6.1)
oneiric     Released (3.9.5-1ubuntu1.1)
upstream    Needs triage