Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.
fe46d7a57b0e88f1c4ee58713d2a9fcb8a6fd911ea38779a0a88cd29be04b5d1
Ubuntu Security Notice USN-330-1 - Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application's privileges.
02e8f7a4c424124d22e17346178b9572a0ee2b0c30f9d6f5ea1a83396cac5441
Debian Security Advisory 1137-1 - Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library.
35dd59f756d92b64f5716ea63b858fac3d771b002aa63e45e87c38f2235d59ee
Mandriva Linux Security Advisory MDKSA-2006-137 - Tavis Ormandy, Google Security Team, has discovered several vulnerabilities in the libtiff image processing library.
e76f9d9701f3ba6cb4b0952f13fee917025fdfaed8cd57eae5ad1df836cb0b1f
Mandriva Linux Security Advisory MDKSA-2006-136 - Tavis Ormandy, Google Security Team, discovered several vulnerabilities the libtiff image processing library. Older versions of kdegraphics use an embedded copy of the libtiff code.
3bbf3a925c124d13b730b87a6f85b70e473d95635bce0807246f5170dec94594
SUSE Security Announcement SUSE-SA:2006:044 - This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image provided by an attacker.
6a33cbb63f8b28b041c9fe86b364e74bd2a3ac1255c40090586f0c51a9e70e23