GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue May 30, 2006 5:26 pm Post subject: [ GLSA 200605-17 ] libTIFF: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: libTIFF: Multiple vulnerabilities (GLSA 200605-17)
Severity: normal
Exploitable: remote
Date: May 30, 2006
Bug(s): #129675
ID: 200605-17
Synopsis
Multiple vulnerabilities in libTIFF could lead to the execution of arbitrary code or a Denial of Service.
Background
libTIFF provides support for reading and manipulating TIFF images.
Affected Packages
Package: media-libs/tiff
Vulnerable: < 3.8.1
Unaffected: >= 3.8.1
Architectures: All supported architectures
Description
Multiple vulnerabilities, ranging from integer overflows and NULL pointer dereferences to double frees, were reported in libTIFF.
Impact
An attacker could exploit these vulnerabilities by enticing a user to open a specially crafted TIFF image, possibly leading to the execution of arbitrary code or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All libTIFF users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.1"
References
CVE-2006-0405
CVE-2006-2024
CVE-2006-2025
CVE-2006-2026