CVE-2011-1167

Description

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

How to fix CVE-2011-1167

To remediate CVE-2011-1167, upgrade the affected package to a fixed version below.

• Debian/tiff—upgrade to 3.9.4-9 or later

Is CVE-2011-1167 being exploited?

Low — EPSS is 4.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.9.4-9

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1167