Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DEBIAN11-TIFF-514595
- published 21 May 2017
- disclosed 21 May 2017
How to fix?
There is no fixed version for
Note: Versions mentioned in the description apply to the upstream
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.