iDEFENSE Security Advisory 10.22.04 - An exploitable heap overflow in the handling of malformed tiff files has been discovered in the latest version of libtiff when JPEG support has been enabled. An attacker can exploit the above-described vulnerability to execute arbitrary code under the permissions of the target user. Successful exploitation requires that the attacker convince the end-user to open the malicious tiff file using an application linked with a vulnerable version of libtiff.
47aee7e32dd02f1b2f485dc27406d68b8725b9b7b347564a5a4988fe9d0cf4d9