CVE-2011-1167

Name of the Vulnerable Software and Affected Versions LibTIFF versions 3.9.4 and earlier

Description The issue is related to a heap-based buffer overflow in the Thunder decoder, which can be exploited by remote attackers through crafted THUNDER 2BITDELTAS data in a .tiff file with an unexpected BitsPerSample value, potentially allowing the execution of arbitrary code. Multiple vulnerabilities in the tiff package may lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For LibTIFF versions 3.9.4 and earlier, update to a version later than 3.9.4 to resolve the issue. As a temporary workaround, consider restricting the use of the Thunder decoder in tif thunder.c to minimize the risk of exploitation.