A vulnerability in the _TIFFmemcmp function of LibTIFF could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists in the _TIFFmemcmp function, defined in the tif_unix.c source code file of the affected software. An attacker could exploit this vulnerability by using the tiffcp tool of the affected software to create a TIFF file that submits malicious input to the targeted system. A successful exploit could trigger a NULL pointer dereference condition that causes the software to stop functioning, resulting in a DoS condition.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
LibTIFF has not confirmed the vulnerability, and software updates are not available.