E18-5o711
CVSS:
8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
2
Year:
2018
Description
The strike exploits a heap buffer overflow vulnerability in LibTIFF. The vulnerability is due to insufficient length checks while processing TIFF files compressed with JBIG.
A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open a crafted TIFF file
compressed with JBIG with an application that uses LibTIFF. Successful exploitation could result in the execution
of arbitrary code under the security context of the program using LibTIFF.
CVE
https://code.google.com/p/google-security-research/issues/detail?id=1697