Your submission was sent successfully! Close

CVE-2012-3401

Published: 19 July 2012

The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.

Priority

Medium

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
Upstream
Released (3.9.6-7)
tiff3
Launchpad, Ubuntu, Debian
Upstream
Released (4.0.2-2)