Gentoo Linux Security Advisory 201209-2 - Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service. Versions less than 4.0.2-r1 are affected.
4c1d531cd4481a5572a3c053df88570eab2536699dd069f5b711c89773f211c5Mandriva Linux Security Advisory 2011-043 - A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with CCITT Group 4 encoding.
a30c069b2a4cc6efb9588b6a66dfd73bfd71758866bd0849dc058e1257a3f581Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities. Packages for 2008.0 are being provided due to extended support for Corporate products.
45d95127402793a3fd0da4d97ff4af68efb1a762e184604e26b562f4cf3e42a6Gentoo Linux Security Advisory GLSA 200908-03 - Multiple boundary checking vulnerabilities in libTIFF may allow for the remote execution of arbitrary code. Versions less than 3.8.2-r8 are affected.
f7c68056e3b92a22ed1f5be10fff48a024de8701ef5c50cb4bc4d3177d05c354Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.
90aff0a5960233fb9cd84f73ebc463ce903c3508c40dd8edf5d93294d238679aDebian Security Advisory 1835-1 - Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF).
5169c0b4d9807452ec091dc33435bd5b563acc2795c454a89ecd296a597c2ac2Ubuntu Security Notice USN-801-1 - Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program.
fbebd80ad0fa9ea3d1e1115edd08f092c3087a2125a9d4d8fdd3d7c74650ceabMandriva Linux Security Advisory 2009-150 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.
10574ff24efb8275b0d6a98f173fd59b823216304e43547bd800fc89a9846c46The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The libtiff package ships a library, for reading and writing TIFF, as well as a small collection of tools for manipulating TIFF images. The cvt_whole_image function used in the tiff2rgba tool and the tiffcvt function used in the rgb2ycbcr tool do not properly validate the width and height of the image. Specific TIFF images with large width and height can be crafted to trigger the vulnerability.
9e9c7deaec9dd58d4d77399f154f17a206dba8d37ca5edc54e61b7f12217a6ad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed