CVE-2009-2347
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
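The width-times-height overflow described above, as an added C example: a constructed model, not libtiff's code or its patch. The names `unchecked_pixel_count` and `raster_bytes`, and the `max_bytes` cap, are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flawed pattern (constructed model): pixel count kept in 32 bits,
 * so width * height silently wraps modulo 2^32. */
static uint32_t unchecked_pixel_count(uint32_t width, uint32_t height)
{
    return width * height;
}

/* Checked sizing: widen to 64 bits, then compare against a caller-chosen
 * cap (max_bytes, an assumed policy limit) before any allocation.
 * Returns 0 and stores the byte count in *out, or -1 to reject. */
static int raster_bytes(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    uint64_t pixels = (uint64_t)width * height; /* fits: < 2^64 */
    if (pixels > (uint64_t)max_bytes / bpp)     /* also rules out pixels * bpp overflow */
        return -1;
    *out = (size_t)(pixels * bpp);
    return 0;
}

int main(void)
{
    /* Constructed dimensions: the true pixel count is 2^32 + 2^16. */
    uint32_t w = 0x10000u, h = 0x10001u;
    size_t n = 0;

    printf("32-bit pixel count: %u (true count: %llu)\n",
           (unsigned)unchecked_pixel_count(w, h),
           (unsigned long long)w * h);
    printf("checked sizing: %s\n",
           raster_bytes(w, h, 4, (size_t)1 << 30, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A buffer sized from the wrapped 32-bit count is far smaller than the image the decoder then writes, which is the heap overflow condition; the checked form rejects the dimensions before allocating.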
Affected products
n/a · n/a
References
http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/
http://bugzilla.maptools.org/show_bug.cgi?id=2079
http://osvdb.org/55821
http://osvdb.org/55822
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347
http://secunia.com/advisories/35811
http://secunia.com/advisories/35817
http://secunia.com/advisories/35866
http://secunia.com/advisories/35883
http://secunia.com/advisories/35911
http://secunia.com/advisories/36194
http://secunia.com/advisories/50726