Apple Security Advisory 2012-09-24-1 - Apple TV 5.1 is now available and addresses issues relating to malicious media loading, memory corruption, and more.
8b08f2840773bcd43aa00f4439e1687a278652e1b463a125bb95947245e9cf9b
Gentoo Linux Security Advisory 201209-2 - Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service. Versions less than 4.0.2-r1 are affected.
4c1d531cd4481a5572a3c053df88570eab2536699dd069f5b711c89773f211c5
Apple Security Advisory 2012-09-19-1 - iOS 6 is now available and addresses CFNetwork, CoreGraphics, CoreMedia, DHCP, and many other vulnerabilities.
948802ec7f4f098a6e019e724692dd60eae2f16a84688f9bf9597fcc368ca8d8
Apple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 are now available and address multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.
8a1ec648cdab00dde0f7ff37efd462d6ad93a16f2b5d89ca92fb566b939516e3
Apple Security Advisory 2012-02-01-1 - Apple has addressed 48 security vulnerabilities. These issues existed in packages such as Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreMedia, CoreText, curl and much more.
cf25033e1c0f7c890c4bb4bf4deec5fe01b2162ac354bd512e0fcd1426499d94
Debian Linux Security Advisory 2210-2 - The recent tiff update DSA-2210-1 introduced a regression that could lead to encoding problems of tiff files. This update fixes this problem (bug #630042).
86bd63024acb53f819b3b8408cfb85c832aca320faae658144756a15f4eb2319
Ubuntu Security Notice 1102-1 - Martin Barbella discovered that the thunder (aka ThunderScan) decoder in the TIFF library incorrectly handled an unexpected BitsPerSample value. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.
36a88db86950567b8cf90af39cd85d900e412c352e4f7cf5551a92599d603ff1
Mandriva Linux Security Advisory 2011-064 - Buffer overflow in LibTIFF allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. Heap-based buffer overflow in the thunder decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
6ac748ece14189ec17ddd69410b44f068bff96190b2fe40bcf033768554b799f
Debian Linux Security Advisory 2210-1 - Several vulnerabilities were discovered in the TIFF manipulation and conversion library.
17908e5e389a1d58bfea5592d9c39b4318e589b4b87dd51d806219e7d1055abc
Zero Day Initiative Advisory 11-107 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the ThunderDecode codec. While decoding a particular code within a row, the decoder will fail to accommodate for the total expanded size of the row. This can cause a heap-based buffer overflow which can lead to code execution under the context of the application utilizing the library.
f1d4d8acff820dcd02f8053911e1e22474dd7f125e7c445b1092b25c62735990