CVE-2011-1167

EPSS 5.5%

Published: 3/28/2011Modified: 4/28/2026

Description

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

Affected packages (1)

Debian/tifffrom 0, < 3.9.4-9

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1167