CVE-2012-4447

Name of the Vulnerable Software and Affected Versions LibTIFF versions prior to 4.0.3

Description The issue is related to multiple vulnerabilities in the tiff package, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. A heap-based buffer overflow in tif pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.

Recommendations For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of the PixarLog Compression format in TIFF images until a patch is available. Restrict access to crafted TIFF images to minimize the risk of exploitation.