CVE-2021-30046

An attacker supplies a crafted TIFF file (the PoC file attached to the report) that triggers a segmentation fault when processed by the `verdandi` tool from Hugin, which uses the VIGRA library. The decoder sets a `scanline` offset that causes the loop in `read_image_band()` to read past the end of the pixel buffer. No authentication or special network access is required; the attack is file‑based and results in a denial of service [ref_id=1].

The vulnerability resides in `vigra::detail::read_image_band()` in `/include/vigra/impex.hxx` (lines 82–89) and the `StandardValueAccessor::set()` function in `/usr/include/vigra/accessor.hxx:234`. The loop advances a `scanline` pointer by an `offset` without validating that the resulting address remains within the allocated image buffer, leading to an out‑of‑bounds dereference [ref_id=1].

The advisory does not include a patch. The report identifies that the `scanline` pointer is advanced by an `offset` without a bounds check before dereferencing in the `set()` call. A proper fix would validate that `scanline` stays within the image's allocated memory region before each access, or ensure that the decoder provides a safe offset that does not exceed the row stride. Without a published fix, users must avoid processing untrusted TIFF files with the affected version [ref_id=1].