[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2009:1159-01 -- Redhat libtiff

ID: oval:org.secpod.oval:def:500650Date: (C)2012-01-31   (M)2023-11-18
Class: PATCHFamily: unix




The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially-crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. A buffer underwrite flaw was found in libtiff"s Lempel-Ziv-Welch compression algorithm decoder. An attacker could create a specially-crafted LZW-encoded TIFF file, which once opened by an unsuspecting user, would cause an application linked with libtiff to access an out-of-bounds memory location, leading to a denial of service . The CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS, Peking University. All libtiff users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all applications linked with the libtiff library must be restarted for the update to take effect.

Platform:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 3
Product:
libtiff
Reference:
RHSA-2009:1159-01
CVE-2009-2285
CVE-2009-2347
CVE    2
CVE-2009-2347
CVE-2009-2285
CPE    9
cpe:/a:libtiff:libtiff:3.8.0
cpe:/o:redhat:enterprise_linux:5
cpe:/o:redhat:enterprise_linux:4
cpe:/a:libtiff:libtiff:3.8.2
...

© SecPod Technologies