LibTiff tif_aux.c Integer Overflow Check Denial of Service Vulnerability

By GIXnews


A vulnerability in LibTIFF could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper integer overflow checks in the _TIFFCheckMalloc and _TIFFCheckRealloc functions, as defined in the tif_aux.c source code file of the affected software. An attacker could exploit this vulnerability by persuading a user to open a file that contains crafted TIFF images. A successful exploit could trigger an integer overflow condition and cause the affected software to crash, resulting in a DoS condition.
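
The two functions named above validate a count-times-element-size product before memory is allocated. As an added example (not LibTIFF's code; the `ex_` names and the signed 64-bit size type are assumptions), this C code contrasts a check that depends on the overflow having already happened with one that tests the operands first.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumption: a signed 64-bit size type, standing in for a library typedef. */
typedef int64_t ex_size_t;
#define EX_SIZE_MAX INT64_MAX

/* Fragile: multiplies first, then inspects the product. Signed overflow is
 * undefined behaviour in C, so the compiler may assume it cannot happen and
 * delete the test. Kept for contrast; never call it with untrusted values. */
int ex_mul_fits_fragile(ex_size_t nmemb, ex_size_t elem_size)
{
    ex_size_t bytes = nmemb * elem_size;
    return elem_size != 0 && bytes / elem_size == nmemb;
}

/* Robust: compares the operands against the limit before multiplying, so no
 * overflowing expression is ever evaluated. Returns 1 and sets *out on success. */
int ex_mul_fits(ex_size_t nmemb, ex_size_t elem_size, ex_size_t *out)
{
    if (nmemb <= 0 || elem_size <= 0)
        return 0;                       /* reject zero and negative sizes */
    if (nmemb > EX_SIZE_MAX / elem_size)
        return 0;                       /* product would exceed the type */
    *out = nmemb * elem_size;
    return 1;
}

/* Allocation wrapper: NULL on a rejected size instead of a short buffer. */
void *ex_check_malloc(ex_size_t nmemb, ex_size_t elem_size)
{
    ex_size_t bytes;
    if (!ex_mul_fits(nmemb, elem_size, &bytes) || (uint64_t)bytes > SIZE_MAX)
        return NULL;
    return malloc((size_t)bytes);
}

/* Reallocation wrapper. On NULL the caller still owns the original buffer. */
void *ex_check_realloc(void *buf, ex_size_t nmemb, ex_size_t elem_size)
{
    ex_size_t bytes;
    if (!ex_mul_fits(nmemb, elem_size, &bytes) || (uint64_t)bytes > SIZE_MAX)
        return NULL;
    return realloc(buf, (size_t)bytes);
}
```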

LibTIFF has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-14973

Source: Cisco Multivendor Vulnerability Alerts