CVE-2012-1173
tiff - integer overflow
EPSS 7.6%
Description
Multiple integer overflows in tif_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. The size of the working buffer for a tile or strip is derived by multiplying attacker-controlled dimensions from the file; when that product wraps, the buffer allocated on the heap is far smaller than the data the decoder then writes into it. Any application that decodes untrusted TIFF input through these code paths (image viewers, thumbnailers, document converters) is exposed.
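The pattern behind this class of bug, as an added illustration that is not libtiff's code and does not reproduce the exact vulnerable lines: a tile buffer size computed in 32-bit arithmetic from file-controlled tile dimensions, shown beside an overflow-checked version that returns 0 on wrap so the caller refuses the allocation. The struct, function names and the crafted tag values are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical tile geometry: a simplification of the TIFF tags a decoder
 * reads before allocating a tile buffer. Field names are assumptions, not
 * libtiff's. */
struct tile_geom {
    uint32_t width;    /* TileWidth tag, file-controlled */
    uint32_t length;   /* TileLength tag, file-controlled */
    uint32_t planes;   /* separate sample planes buffered, e.g. 3 for RGB, 4 with alpha */
};

/* Bytes the decoder will actually write for one tile, computed in 64 bits
 * so it cannot wrap. Used here only to show how short the bad buffer is. */
uint64_t tile_bytes_needed(const struct tile_geom *g)
{
    return (uint64_t)g->width * g->length * g->planes;
}

/* Vulnerable pattern: the product is evaluated in 32-bit unsigned arithmetic,
 * so a crafted tile size wraps to a small value and malloc returns a buffer
 * that is much shorter than the tile the decoder then writes into it. */
uint32_t tile_bytes_unchecked(const struct tile_geom *g)
{
    return g->width * g->length * g->planes;
}

/* Overflow-checked multiply. Returns 0 on overflow or if either factor is 0;
 * the caller must treat 0 as an error. This is the same "0 means overflow"
 * convention that libtiff's TIFFSafeMultiply macro uses. */
static uint32_t safe_mul_u32(uint32_t a, uint32_t b)
{
    if (a == 0 || b == 0)
        return 0;
    if (a > UINT32_MAX / b)
        return 0;
    return a * b;
}

/* Hardened size computation: once any step overflows the result stays 0. */
uint32_t tile_bytes_checked(const struct tile_geom *g)
{
    uint32_t area = safe_mul_u32(g->width, g->length);
    return safe_mul_u32(area, g->planes);
}

/* Allocation as a hardened decoder would do it: refuse a zero result instead
 * of handing a wrapped size to malloc. Returns NULL and *out_size == 0 on
 * rejection; the caller reports a corrupt file and stops decoding. */
unsigned char *alloc_tile_buffer(const struct tile_geom *g, uint32_t *out_size)
{
    uint32_t n = tile_bytes_checked(g);
    *out_size = n;
    if (n == 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed crafted tag values: 65536 * 65537 = 2^32 + 65536, which
     * wraps to 65536 in 32-bit arithmetic before being multiplied by planes. */
    struct tile_geom crafted = { 65536u, 65537u, 3u };
    struct tile_geom benign  = { 256u, 256u, 3u };
    uint32_t size;
    unsigned char *buf;

    printf("crafted: unchecked=%u checked=%u needed=%llu\n",
           tile_bytes_unchecked(&crafted), tile_bytes_checked(&crafted),
           (unsigned long long)tile_bytes_needed(&crafted));

    buf = alloc_tile_buffer(&crafted, &size);
    printf("crafted allocation: %s\n", buf ? "accepted (bug)" : "rejected");
    free(buf);

    buf = alloc_tile_buffer(&benign, &size);
    printf("benign: allocated %u bytes\n", size);
    free(buf);
    return 0;
}
```

With the crafted geometry the unchecked path would allocate 196608 bytes for a tile that needs about 12 GB, which is exactly the short heap buffer the description refers to; the checked path returns 0 and the decoder rejects the file before any write happens. The same check applies to the strip path, where the product is built from RowsPerStrip and the image width instead of tile dimensions.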
How to fix CVE-2012-1173
To remediate CVE-2012-1173, upgrade the affected package to one of the fixed versions listed below. Note that tiff is the Debian source package; the binary packages installed on a system are libtiff4 and libtiff-tools, so check those with dpkg -l, and restart any long-running process that has the old library loaded, since the fix only takes effect once the new shared object is mapped.
- Debian/tiff—upgrade to 4.0.1-2 or later
- Debian/tiff—upgrade to 3.9.4-5+squeeze4 or later
Is CVE-2012-1173 being exploited?
Moderate: EPSS is 7.6%, an estimated 7.6% probability of exploitation activity in the wild within the next 30 days. Track this CVE, but it is not at the top of the prioritisation list unless the affected hosts decode TIFF files from untrusted sources.
Affected packages (2)
- Debian/tiff: from 0, < 4.0.1-2
- Debian/tiff: from 0, < 3.9.4-5+squeeze4