Smpahlman

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions prior to 3.9.3 tiff versions prior to 4.0.2-r1 **Description** The issue allows remote attackers to cause problems, including a denial of service, by exploiting the OJPEGReadBufferFill function in LibTIFF. This can happen when the function encounters an OJPEG image with undefined strip offsets. The problem is related to the TIFFVGetField function. Multiple issues in the tiff package can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For LibTIFF versions prior to 3.9.3, update to version 3.9.3 or later to resolve the issue. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later to resolve the issue.