cbcvebase.
CVE-2011-1167
published 2011-03-28

Priority P341 medium 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 6.23% (92.7th percentile)
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

Affected

26 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.4-9 (bookworm) | tiff 3.9.4-9 (bookworm) |
| libtiff | libtiff | <= 3.9.4 | |
| libtiff | libtiff | | |

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 MEDIUM
vendor_debian: 6.8 MEDIUM
vendor_redhat: 6.8 MEDIUM