Published: 02 December 2017
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
CVSS 3 base score: 8.8
Launchpad, Ubuntu, Debian
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
proposed patch in upstream bug we will not be fixing this issue in precise/esm