
Xiaosatianyu

#15256 of 53,638
17.6 CVSS total
Vulnerabilities · 2
High
2
PT-2018-2589
8.8
2018-03-17
Libtiff · Libtiff · CVE-2018-8905
**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.9

**Description** A heap-based buffer overflow occurs in the `LZWDecodeCompat` function in `tif_lzw.c` via a crafted TIFF file. This issue can be exploited by a remote attacker to cause a denial of service using a specially crafted TIFF file.

**Recommendations** For LibTIFF version 4.0.9, consider disabling the `LZWDecodeCompat` function as a temporary workaround until a patch is available. Restrict access to handling TIFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2017-15118
8.8
2017-12-28
None · Libtiff · CVE-2017-17942
**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.9

**Description** The issue is related to a heap-based buffer over-read in the `PackBitsEncode` function located in `tif_packbits.c`.

**Recommendations** For LibTIFF version 4.0.9, consider updating to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.