• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability

It has been reported that 'tiffdump' is affected by a heap corruption vulnerability due to an integer overflow error that can be triggered when malicious or malformed image files are processed. Theoretically, an attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application when TIFF image data is processed. Because image data is frequently external in origin, these vulnerabilities are considered remotely exploitable.