CVE-2012-4564

Name of the Vulnerable Software and Affected Versions tiff versions prior to 4.0.3-r6

Description The issue concerns multiple vulnerabilities in the tiff package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the ppm2tiff function does not check the return value of the TIFFScanlineSize function, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image. This can trigger an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

Recommendations For versions prior to 4.0.3-r6, update to version 4.0.3-r6 or later to resolve the issue. As a temporary workaround, consider restricting access to the ppm2tiff function and avoiding the use of crafted PPM images until a patch is applied. Additionally, ensure that all TIFFScanlineSize function calls are properly validated to prevent potential overflows and buffer issues.