GLSA Advocate
Posted: Sun Jul 09, 2006 6:26 pm Post subject: [ GLSA 200607-03 ] libTIFF: Multiple buffer overflows
Gentoo Linux Security Advisory
Title: libTIFF: Multiple buffer overflows (GLSA 200607-03)
Severity: normal
Exploitable: remote
Date: July 09, 2006
Bug(s): #135881
ID: 200607-03
Synopsis
libTIFF contains buffer overflows that could result in arbitrary code execution.
Background
libTIFF provides support for reading and manipulating TIFF images.
Affected Packages
Package: media-libs/tiff
Vulnerable: < 3.8.2-r1
Unaffected: >= 3.8.2-r1
Architectures: All supported architectures
Description
A buffer overflow has been found in the t2p_write_pdf_string function in tiff2pdf, which can be triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow has been found in the handling of the parameters in tiffsplit.
Impact
A remote attacker could entice a user to load a specially crafted TIFF file, resulting in the possible execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All libTIFF users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r1"
References
CVE-2006-2193
CVE-2006-2656
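The Description ties the tiff2pdf overflow to non-ASCII (UTF-8) bytes reaching a PDF string writer. The C below is an added illustration, not libTIFF's code and not part of the advisory: it shows one common way this class of bug arises (octal-escaping a byte held in a signed char, which is an assumption about the general pattern, not a statement of the actual root cause) next to a bounded escaper. The names naive_escape_len and pdf_escape are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Characters (excluding NUL) that "\\%.3o" produces for one byte held in a
 * signed char when no unsigned-char cast is applied. Measured with
 * snprintf(NULL, 0, ...), so nothing is written anywhere. */
int naive_escape_len(signed char c)
{
    /* Sign extension: -61 (byte 0xC3) becomes 0xFFFFFFC3 with 32-bit int. */
    return snprintf(NULL, 0, "\\%.3o", (unsigned int)(int)c);
}

/* Bounded escaper: writes src[0..len) as a PDF literal string "(...)" into
 * dst. Returns bytes written (excluding NUL) or -1 if dst is too small. */
int pdf_escape(const char *src, size_t len, char *dst, size_t cap)
{
    size_t o = 0;
    if (cap < 3) return -1;                  /* "(" + ")" + NUL */
    dst[o++] = '(';
    for (size_t i = 0; i < len; i++) {
        unsigned char b = (unsigned char)src[i];  /* never sign-extend */
        char esc[5];                         /* backslash + 3 digits + NUL */
        int n;
        if (b == '(' || b == ')' || b == '\\')
            n = snprintf(esc, sizeof esc, "\\%c", b);
        else if (b < 0x20 || b > 0x7e)
            n = snprintf(esc, sizeof esc, "\\%.3o", (unsigned int)b);
        else
            n = snprintf(esc, sizeof esc, "%c", b);
        if (n < 0 || (size_t)n >= sizeof esc) return -1;  /* truncated */
        if (o + (size_t)n + 2 > cap) return -1;  /* keep room for ")" + NUL */
        memcpy(dst + o, esc, (size_t)n);
        o += (size_t)n;
    }
    dst[o++] = ')';
    dst[o] = '\0';
    return (int)o;
}

int main(void)
{
    const char name[] = "Caf\xc3\xa9";       /* constructed sample input */
    char out[32];
    printf("unsafe escape of 0xC3 needs %d chars; a 5-byte buffer holds 4\n",
           naive_escape_len(-61));
    if (pdf_escape(name, sizeof name - 1, out, sizeof out) > 0)
        printf("%s\n", out);
    return 0;
}
```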