CVE-2009-5022
tiff - buffer overflow
EPSS 16.6%
Description
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
How to fix CVE-2009-5022
To remediate CVE-2009-5022, upgrade the Debian tiff source package (and the libtiff binary packages built from it) to the fixed version for your release listed below, then restart any long-running process that still has the old shared library mapped: upgrading the package on disk does not patch code already loaded into running processes.
- Debian/tiff (releases after squeeze): upgrade to 3.9.5-1 or later
- Debian/tiff (squeeze): upgrade to 3.9.4-5+squeeze2 or later
Is CVE-2009-5022 being exploited?
Moderate. EPSS is 16.6%, the model's estimated probability that exploitation activity is observed in the wild within the next 30 days. Track this CVE, but it is not at the top of the prioritisation list unless the host parses untrusted TIFF files (upload handlers, mail gateways, document converters), where a crafted-file heap overflow in an image decoder is a realistic remote code execution path.
Affected packages (2)
- Debian/tiff: from 0, < 3.9.5-1
- Debian/tiff (squeeze): from 0, < 3.9.4-5+squeeze2