Subject: | |
From: | |
Reply To: | |
Date: | Wed, 19 Dec 2012 09:45:16 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: libtiff security update
Issue Date: 2012-12-18
CVE Numbers: CVE-2012-3401
CVE-2012-4447
CVE-2012-5581
CVE-2012-4564
--
A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF images using the Pixar Log Format encoding. An attacker could
create a specially-crafted TIFF file that, when opened, could cause an
application using libtiff to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-4447)
A stack-based buffer overflow flaw was found in the way libtiff handled
DOTRANGE tags. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff
to crash or, possibly, execute arbitrary code. (CVE-2012-5581)
A heap-based buffer overflow flaw was found in the tiff2pdf tool. An
attacker
could use this flaw to create a specially-crafted TIFF file that would cause
tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401)
A missing return value check flaw, leading to a heap-based buffer
overflow, was
found in the ppm2tiff tool. An attacker could use this flaw to create a
specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to
crash or, possibly, execute arbitrary code. (CVE-2012-4564)
All running applications linked against libtiff must be restarted for this
update to take effect.
--
SL5
x86_64
libtiff-3.8.2-18.el5_8.i386.rpm
libtiff-3.8.2-18.el5_8.x86_64.rpm
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-18.el5_8.x86_64.rpm
libtiff-devel-3.8.2-18.el5_8.i386.rpm
libtiff-devel-3.8.2-18.el5_8.x86_64.rpm
i386
libtiff-3.8.2-18.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
libtiff-devel-3.8.2-18.el5_8.i386.rpm
SL6
x86_64
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-3.9.4-9.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.x86_64.rpm
libtiff-static-3.9.4-9.el6_3.x86_64.rpm
i386
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm
libtiff-static-3.9.4-9.el6_3.i686.rpm
- Scientific Linux Development Team
|
|
|