CVE-2012-4447

Public on 2012-10-28
Modified on 2014-09-14
Description
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 libtiff 2012-12-20 ALAS-2012-147 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P