• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

LibTIFF Heap Corruption Integer Overflow Vulnerabilities

LibTIFF is affected by two heap-corruption vulnerabilities caused by integer-overflow errors that can be triggered when handling malicious or malformed image files. An attacker could exploit the vulnerabilities to execute arbitrary code when TIFF image data is processed (i.e. displayed). The code would run in the context of an application linked to the library. Since image data is often external in origin, these vulnerabilities are remotely exploitable.