MDVSA-2010:145 -- Mandriva libtiff
ID: oval:org.secpod.oval:def:300340 | Date: (C)2012-01-07 (M)2023-02-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered and corrected in libtiff:

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input.

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF file that triggers a heap-based buffer overflow.

Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.

The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to downsampled OJPEG input and possibly related to a compiler optimization that triggers a divide-by-zero error.

The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service via a crafted TIFF file.

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.0 |