CVE-2012-2088
EPSS 3.0%Published: 7/22/2012Modified: 4/28/2026
Description
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
Affected packages (1)
- Debian/tifffrom 0, < 4.0-1