# tiffsplit (libtiff <= 3.8.2) local stack buffer overflow PoC tiffsplit from libtiff (http://www.remotesensing.org/libtiff/) is vulnerable to a bss-based and stack-based overflow, but, I just wrote the concept c0de for stack-based b0f 'cause I don't know how to take advantage of the overwritten bss data (after the overflow, that data is overwritten again correctly by a program' function). .bss section is in higher addresses than .dtors section, so, we can't hijack .dtors to.... PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1831.tar.gz (05262006-tiffspl33t.tar.gz) nitr0us # milw0rm.com [2006-05-26]