Mandriva Linux Security Advisory 2012-174 - Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. The updated packages have been patched to correct these issues.
77a768adbe80cd4b982ace89f614bb542baed7f98b9bac2b9895f19f597fdf85