LibTIFF version 4.0.7 suffers from a _TIFFVGetField (tiffsplit) out-of-bounds read vulnerability.
5d4e42b44d706946d69bc7503e51abb36b8953e7b1033ff9d0d190155d246500Mandriva Linux Security Advisory 2012-127 - A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. The updated packages have been patched to correct this issue.
149b7cb1a9d75035cbf157d9a41f74cd86afc4f26ebe2a53fe79e88cc5726a0bSecunia Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to compromise an application using the library.
b6adb0f5c2cd0d2db0691a702e6f17a9378fc2a914f74b3fe385735a483cb411Mandriva Linux Security Advisory 2012-101 - libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. The updated packages have been patched to correct these issues.
e81bc3fded716546e6bd858f7b6520b39a17eed684d0ca55ad4f000fcdc900f2Secunia Security Advisory - Red Hat has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
0456f25651464a634deb1f501036d133029ea556de98ef2b864eed4a5b55c988Red Hat Security Advisory 2012-1054-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code.
aa7091faf66f19c024f40bef276e0d72c10f88b0a3f2bd15a274362485c96a2dSecunia Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to compromise an application using the library.
40760766bf952d433ac0dcc99af277e2e293d8e745d2a6214ea18dfe9a2b431cSecunia Security Advisory - Slackware has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
c4de3a01819c448ea06e3460d62ed903228426a9f2134bd1afaf01663b62164cSecunia Security Advisory - SUSE has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
6ec021d652eaeb9861e750612185eeac2053f035f5363f16d0d8f85c560ab38dRed Hat Security Advisory 2012-0468-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
1c154b2cc7b2764e4eb386316ad291c0776e267591f9cfe7e2c473ddf73fde81Secunia Security Advisory - Red Hat has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
04ede0e5d20f0d7731ab68d8fff762a459d3c7e51d325ebc78dfcd1341bbbbd2Mandriva Linux Security Advisory 2012-054 - An integer overflow was discovered in the libtiff/tiff_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file. The updated packages have been patched to correct this issue.
c2470d757530bdc1d852c273dcedf2585d7fa9b116357c0843f71011fcfb5e3dSecunia Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to compromise an application using the library.
ea06128a7043bb5311c923e35e0e8541519539404ef9be97214ea7a24767305aZero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.
fe46d7a57b0e88f1c4ee58713d2a9fcb8a6fd911ea38779a0a88cd29be04b5d1Secunia Security Advisory - SUSE has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
f30c7ec679e897b13a8baf7fa0e5da1d36fa24c24d77706ef4a75852e155cb43Secunia Security Advisory - Fedora has issued an update for mingw32-libtiff. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
dbabedb6edc5b425b86ef3b0b4799cacf09b38357f047cde1335ea48b0c91df8Secunia Security Advisory - SUSE has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
1bd35cf3c30c2fa838d73712bbebc4f94c7bc92f162128db884d7b1c04f79db3Secunia Security Advisory - SUSE has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
546632baecced22fb1917e225547541ddbd1fd2d3f4f7ebda664a754aaeb0d5eSecunia Security Advisory - Fedora has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
fc5a09cd7bb1ef611364e7f980d8ebf9393d2a89b26e88492ff34ce50c661886Mandriva Linux Security Advisory 2011-078 - The libtiff OJPEG decoder contains a heap buffer overflow when decoding certain malformed data. The updated packages have been patched to correct this issue.
e6210332ba17e9cdae458081c53340ddfd8055e6279d57841904f56076d7368dSecunia Security Advisory - Red Hat has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
817d746ff6cccad7e2ef121428f635d755172acd80d8e1fe92b8c4ecbcd07d06Secunia Security Advisory - Slackware has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
3c85858b623eecafc0d800b31776e65399dc0dfed4f3d989fd37572e182b5d2bSecunia Security Advisory - Fedora has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
d0ab795c0b021445fde379604ccf82c2589e567ee4df4f6242986e6e497680dcMandriva Linux Security Advisory 2011-064 - Buffer overflow in LibTIFF allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. Heap-based buffer overflow in the thunder decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a.tiff file that has an unexpected BitsPerSample value.
6ac748ece14189ec17ddd69410b44f068bff96190b2fe40bcf033768554b799fSecunia Security Advisory - Red Hat has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
88a945592541dd6c37a30ee20460153f08a47b60ab23a6d127499524fcb29690Secunia Security Advisory - Red Hat has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
d3a0b924674ec7270e25bae94b5a301c1c19719fd30deca949a29b5338f62805
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed