CVE-2012-3401

Name of the Vulnerable Software and Affected Versions libTIFF versions 4.0.2 and earlier

Description The issue is related to the t2p read tiff init function in tiff2pdf (tools/tiff2pdf.c) which does not properly initialize the T2P context struct pointer in certain error conditions. This allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. The vulnerability can be exploited remotely.

Recommendations For libTIFF versions 4.0.2 and earlier, consider disabling the t2p read tiff init function until a patch is available to prevent potential exploitation. Restrict access to the tiff2pdf tool to minimize the risk of exploitation. Avoid using the tiff2pdf tool with untrusted TIFF images until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.