Heap-based Buffer Overflow in LibTIFF's tiffcrop Tool
CVE-2016-3991
7.8HIGH
Summary
A vulnerability exists in the loadImage function of the tiffcrop tool in LibTIFF versions 4.0.6 and earlier. This flaw allows remote attackers to exploit a crafted TIFF image that contains zero tiles. By doing so, they can trigger an out-of-bounds write, which may result in the application crashing or executing arbitrary code. This issue has significant implications for system security, particularly in environments where untrusted images are processed.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved