LibTIFF
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*, +2 more
- 4.7.0
A memory corruption vulnerability has been identified in LibTIFF version 4.7.0, specifically within the tiffcrop utility. The issue arises in the 'main' function of 'tiffcrop.c', where the program improperly manages memory, leading to segmentation faults. The vulnerability is triggered when tiffcrop processes malformed TIFF images with invalid parameters, such as an unsupported bit depth. The flaw has been publicly disclosed and is exploitable under local conditions.
Exploitation of this vulnerability causes a segmentation fault, where the program attempts to access invalid memory, leading to a crash. This type of memory corruption can often be exploited to execute arbitrary code or cause other unintended behavior.
The vulnerability can be reproduced by compiling LibTIFF with debugging symbols, then running the tiffcrop utility on a crafted TIFF file that specifies an unsupported bit depth. The program crashes with a segmentation fault, indicating the memory access violation.
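Because the trigger is a TIFF whose declared bit depth tiffcrop does not handle, untrusted files can be screened before they reach the utility. The following is an added example, not code from the advisory or from LibTIFF: it reads the BitsPerSample tag (258) from the first IFD of a classic TIFF and rejects anything malformed or outside an allowlist. The allowlist values and the names `bits_per_sample`, `safe_for_tiffcrop` and `sample_tiff` are assumptions, since the advisory does not say which depths are unsupported.

```python
import struct

# Assumption: depths this pipeline accepts; the advisory does not list the unsupported ones.
ALLOWED_BITS = {1, 2, 4, 8, 16, 32}
TAG_BITS_PER_SAMPLE = 258
TYPE_SHORT = 3

def bits_per_sample(data):
    """Return BitsPerSample values from the first IFD; raise ValueError if malformed."""
    if len(data) < 8:
        raise ValueError("truncated header")
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None:
        raise ValueError("bad byte-order mark")
    magic, ifd = struct.unpack_from(order + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF")
    if ifd + 2 > len(data):
        raise ValueError("IFD offset out of bounds")
    (count,) = struct.unpack_from(order + "H", data, ifd)
    if ifd + 2 + count * 12 > len(data):
        raise ValueError("IFD entries out of bounds")
    for i in range(count):
        pos = ifd + 2 + i * 12
        tag, typ, n = struct.unpack_from(order + "HHI", data, pos)
        if tag != TAG_BITS_PER_SAMPLE:
            continue
        if typ != TYPE_SHORT or n == 0:
            raise ValueError("BitsPerSample has wrong type or count")
        # Up to two SHORTs are stored inline; otherwise the field is an offset.
        off = pos + 8 if n <= 2 else struct.unpack_from(order + "I", data, pos + 8)[0]
        if off + 2 * n > len(data):
            raise ValueError("BitsPerSample values out of bounds")
        return list(struct.unpack_from(f"{order}{n}H", data, off))
    return [1]  # TIFF 6.0 default when the tag is absent

def safe_for_tiffcrop(data):
    """True only if the file parses cleanly and every declared depth is allowlisted."""
    try:
        return all(b in ALLOWED_BITS for b in bits_per_sample(data))
    except ValueError:
        return False

def sample_tiff(bits):
    # Constructed input: little-endian header plus a one-entry IFD holding BitsPerSample.
    return struct.pack("<2sHIHHHIHHI", b"II", 42, 8, 1, 258, 3, 1, bits, 0, 0)
```

A file that fails this check should be quarantined or rejected rather than passed to tiffcrop; the check narrows exposure and does not replace updating LibTIFF.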