CVE-2012-3401

Public on 2012-08-13
Modified on 2014-09-14
Description
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 libtiff 2012-12-20 ALAS-2012-147 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P