CVE-2015-8870

Name of the Vulnerable Software and Affected Versions LibTIFF versions prior to 4.0.4

Description The issue allows remote attackers to cause a denial of service or possibly obtain sensitive information from process memory via crafted width and length values in RLE4 or RLE8 data in a BMP file. This is due to an integer overflow in tools/bmp2tiff.c.

Recommendations For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the processing of BMP files with RLE4 or RLE8 data to minimize the risk of exploitation.