Use-after-free vulnerability in the t2preadwritepdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.
{ "ubuntu_priority": "low", "availability": "No subscription required", "binaries": [ { "binary_name": "libtiff-doc", "binary_version": "4.0.3-5ubuntu1" }, { "binary_name": "libtiff-opengl", "binary_version": "4.0.3-5ubuntu1" }, { "binary_name": "libtiff-tools", "binary_version": "4.0.3-5ubuntu1" }, { "binary_name": "libtiff5", "binary_version": "4.0.3-5ubuntu1" }, { "binary_name": "libtiff5-alt-dev", "binary_version": "4.0.3-5ubuntu1" }, { "binary_name": "libtiff5-dev", "binary_version": "4.0.3-5ubuntu1" }, { "binary_name": "libtiffxx5", "binary_version": "4.0.3-5ubuntu1" } ] }