[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2012:1590-01 -- Redhat libtiff

ID: oval:org.secpod.oval:def:500932Date: (C)2012-12-22   (M)2023-12-07
Class: PATCHFamily: unix




The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. A heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. A missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially-crafted PPM file that would cause ppm2tiff to crash or, possibly, execute arbitrary code. The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team. All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.

Platform:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product:
libtiff
Reference:
RHSA-2012:1590-01
CVE-2012-3401
CVE-2012-4447
CVE-2012-4564
CVE-2012-5581
CVE    4
CVE-2012-4564
CVE-2012-4447
CVE-2012-3401
CVE-2012-5581
...
CPE    62
cpe:/a:libtiff:libtiff:3.9.2-5.2.1
cpe:/a:libtiff:libtiff:4.0.2
cpe:/a:libtiff:libtiff:4.0.1
cpe:/a:libtiff:libtiff:4.0:alpha
...

© SecPod Technologies