VMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.
9b95b2eac411ccf8ddbae9b70391be0685aa4158605a231698472c0a4d751e09Gentoo Linux Security Advisory GLSA 200809-07 - Multiple buffer underflow vulnerabilities in libTIFF may allow for the remote execution of arbitrary code. Drew Yao (Apple Product Security) and Clay Wood reported multiple buffer underflows in the LZWDecode() and LZWDecodeCompat() functions in tif_lzw.c when processing TIFF files. Versions less than 3.8.2-r4 are affected.
ffd0b71441ad8fd296af027506216a799d040c877ec2b91fdd02c3146f4fa694Mandriva Linux Security Advisory - Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code. The updated packages have been patched to prevent this issue.
d48a8e56693a581360a4d4704458409a15be75044e1e7812103d06ebab38680eUbuntu Security Notice 639-1 - Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service.
7425ed6ce5a705daa62cf3c489f5af480a0daa6f5c020b5c007d7196b3cb683cPardus Linux Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.
4b1155a3c4fc7782e4b2a42dbe108c156dbc1b5e5f22ea2ec736bbd250b6459cDebian Security Advisory 1632-1 - Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.
d67d4eb8e9b19dde12725793fb6a0732fccdcb9fc65aeee6f513e69a7726a14e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed