Nathan Baker

Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.0.9 Description: The issue is related to an uncontrolled resource consumption in the `TIFFSetDirectory` function of `tif dir.c`. This can be exploited by remote attackers to cause a denial of service (DoS) via a crafted tif file. The problem occurs because the declared number of directory entries is not validated against the actual number of directory entries. Recommendations: For LibTIFF version 4.0.9, consider disabling the `TIFFSetDirectory` function as a temporary workaround until a patch is available. Restrict access to manipulated tif files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.