LibTIFF CVE-2016-9538 Integer Overflow Vulnerability

The LibTIFF is prone to an integer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

LibTIFF 4.0.6 is vulnerable; other versions may also be affected.

NOTE: This issue was previously described in BID 94484 (LibTIFF Multiple Security Vulnerabilites) but has been given its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus