Young X

Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.0.9 Description: An issue in LibTIFF can cause a denial of service or possibly have other unspecified impacts via a crafted image file. The issue is related to two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c. This can be exploited by an attacker to cause an application crash or potentially execute arbitrary code using a specially crafted file. Recommendations: For LibTIFF version 4.0.9, consider avoiding the use of the `cpTags` function in tools/tiff2bw.c and tools/pal2rgb.c until a patch is available. As a temporary workaround, restrict the processing of crafted image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.