Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Max CVSS
6.8
EPSS Score
23.94%
Published
2011-03-28
Updated
2023-02-13
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
Max CVSS
6.8
EPSS Score
26.80%
Published
2011-05-03
Updated
2023-02-13
2 vulnerabilities found