Gentoo Linux Security Advisory 201209-2 - Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service. Versions less than 4.0.2-r1 are affected.
b1e333c1e644cbcc9addafc4e21e030b
Mandriva Linux Security Advisory 2011-043 - A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with CCITT Group 4 encoding.
49d062c22289205b5258adc04c124f6e
Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities. Packages for 2008.0 are being provided due to extended support for Corporate products.
c3aa2058ad49c6e01c78cc679cf4e509
Gentoo Linux Security Advisory GLSA 200908-03 - Multiple boundary checking vulnerabilities in libTIFF may allow for the remote execution of arbitrary code. Versions less than 3.8.2-r8 are affected.
13a80046bb6e685e9277961f2fc6b5ce
Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.
c2cb1be5bdb1f6cc552b4d556874cbf8
Debian Security Advisory 1835-1 - Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF).
dd1a0b2fba3b09d64fc647da4eb752fc
Ubuntu Security Notice USN-801-1 - Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program.
d7dae23ae367916f0423437eb1b2dc98
Mandriva Linux Security Advisory 2009-150 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.
33b59999b058fe5c11bbed5224e53bc0
The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The libtiff package ships a library, for reading and writing TIFF, as well as a small collection of tools for manipulating TIFF images. The cvt_whole_image function used in the tiff2rgba tool and the tiffcvt function used in the rgb2ycbcr tool do not properly validate the width and height of the image. Specific TIFF images with large width and height can be crafted to trigger the vulnerability.
fcb3f51181cf6c6954e889e7098ad494