Joined: 12 May 2004
|Posted: Tue May 30, 2006 5:26 pm Post subject: [ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: libTIFF: Multiple vulnerabilities (GLSA 200605-17)
Date: May 30, 2006
Multiple vulnerabilities in libTIFF could lead to the execution of arbitrary code or a Denial of Service.
libTIFF provides support for reading and manipulating TIFF images.
Vulnerable: < 3.8.1
Unaffected: >= 3.8.1
Architectures: All supported architectures
Multiple vulnerabilities, ranging from integer overflows and NULL pointer dereferences to double frees, were reported in libTIFF.
An attacker could exploit these vulnerabilities by enticing a user to open a specially crafted TIFF image, possibly leading to the execution of arbitrary code or a Denial of Service.
There is no known workaround at this time.
All libTIFF users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.1"