Ubuntu Security Notice 2205-1 - Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
0a36165cd5461687b32e574203a454a3c7144c64466afed8433775e0d7a46ec0Red Hat Security Advisory 2014-0223-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code.
75cdc7caf157b13a85454f0d9bfaca0783cd730c536f634625254045fb9a741eRed Hat Security Advisory 2014-0222-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code.
fdc3e7dab83c94896553be4b8e66657321b93fd53e9799046b33f5e2aeb3cc59Gentoo Linux Security Advisory 201402-21 - Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 4.0.3-r6 are affected.
707bad1294ac3b0a266eaeb2ec4cb55aa7008c0ab780cd9c1f258db6072baa3aSlackware Security Advisory - New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2012-2088,CVE-2012-2113,CVE-2012-4447,CVE-2012-4564,CVE-2013-1960,CVE-2013-1961,CVE-2013-4231,CVE-2013-4232,CVE-2013-4244.
8efbfdf677fa9982c5f47aeec194dfc0fddb0fe6852beca1661e63d8b3687b4bMandriva Linux Security Advisory 2013-224 - Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code.
d884754430c6583ac8b007978378c6bbb0dc76a3035da478c1c21be20416bfc1Debian Linux Security Advisory 2744-1 - Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code.
28493f2a76208a5335d6abcb7ed91978040d7a674fc1aa40821edf071e19f880
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed