cbcvebase.
CVE-2012-1173
published 2012-06-04

CVE-2012-1173: Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which…

PriorityP339medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
6.92%
93.3th percentile
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.

Affected

2 ranges
VendorProductVersion rangeFixed in
debiantiff< tiff 4.0.1-2 (bookworm)tiff 4.0.1-2 (bookworm)
libtifflibtiff

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.