FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tiff -- buffer overflow vulnerability

Affected packages
tiff < 3.9.3
linux-tiff < 3.9.3


VuXML ID 313da7dc-763b-11df-bcce-0018f3e2eb82
Discovery 2010-04-15
Entry 2010-06-12

Kevin Finisterre reports:

Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of for reporting these issues.


CVE Name CVE-2010-1411