Libtiff: >> Libtiff >> 3.9.4 Security Vulnerabilities
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
CVSS Score
6.8
EPSS Score
0.055
Published
2011-03-28
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
CVSS Score
4.3
EPSS Score
0.188
Published
2010-07-06
Page 11