Zero Day Initiative Advisory 11-107 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the ThunderDecode codec. While decoding a particular code within a row, the decoder will fail to accommodate for the total expanded size of the row. This can cause a heap-based buffer overflow which can lead to code execution under the context of the application utilizing the library.
f1d4d8acff820dcd02f8053911e1e22474dd7f125e7c445b1092b25c62735990