Security Advisory

CVE-2012-2088

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-07-22 17:00:00
Last updated 2024-08-06 19:26:07
Assigner redhat
State PUBLISHED

Description

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.