Security Update: libtiff-3.9.4-5
Texstar (Administrator)
on: August 15, 2010, 06:08:53 PM

Multiple vulnerabilities have been discovered and corrected in libtiff:

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in
ImageMagick, does not properly handle invalid ReferenceBlackWhite
values, which allows remote attackers to cause a denial of service
(application crash) via a crafted TIFF image that triggers an array
index error, related to downsampled OJPEG input. (CVE-2010-2595)

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c
in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to
execute arbitrary code or cause a denial of service (application crash)
via a crafted TIFF file that triggers a heap-based buffer overflow
(CVE-2010-1411).

Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted TIFF file
that triggers a buffer overflow (CVE-2010-2065).

The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers
to cause a denial of service (out-of-bounds read and application crash)
via a TIFF file with an invalid combination of SamplesPerPixel and
Photometric values (CVE-2010-2483).

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2
makes incorrect calls to the TIFFGetField function, which allows
remote attackers to cause a denial of service (application crash) via
a crafted TIFF image, related to downsampled OJPEG input and possibly
related to a compiler optimization that triggers a divide-by-zero error
(CVE-2010-2597).

The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly
handle unknown tag types in TIFF directory entries, which allows
remote attackers to cause a denial of service (out-of-bounds read
and application crash) via a crafted TIFF file (CVE-2010-248).

Stack-based buffer overflow in the TIFFFetchSubjectDistance function
in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a long EXIF SubjectDistance field in a TIFF file
(CVE-2010-2067).

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as
used in ImageMagick, does not properly perform vertical flips, which
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted TIFF image,
related to downsampled OJPEG input. (CVE-2010-2233).

LibTIFF 3.9.4 and earlier does not properly handle an invalid
td_stripbytecount field, which allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash)
via a crafted TIFF file, a different vulnerability than CVE-2010-2443
(CVE-2010-2482).

The updated packages have been patched to correct these issues.
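
To illustrate the bug class named in the TIFFroundup entry (CVE-2010-2065), here is an added example that is not part of the original post and is not LibTIFF code. The macro shape and the names `NAIVE_ROUNDUP`, `naive_roundup` and `checked_roundup` are assumptions written for this illustration: a 32-bit round-up that wraps to a small value near `UINT32_MAX`, beside a variant that rejects the input instead.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed shape of a 32-bit round-up macro, written for this example
 * (not quoted from the LibTIFF sources). */
#define NAIVE_HOWMANY(x, y) \
    ((((uint32_t)(x)) + (((uint32_t)(y)) - 1)) / ((uint32_t)(y)))
#define NAIVE_ROUNDUP(x, y) (NAIVE_HOWMANY(x, y) * ((uint32_t)(y)))

/* Function wrapper so the macro's result can be inspected. */
uint32_t naive_roundup(uint32_t x, uint32_t y)
{
    return NAIVE_ROUNDUP(x, y);   /* x + (y - 1) can wrap past 2^32 */
}

typedef struct {
    int ok;          /* 1 if value is valid, 0 if the input was rejected */
    uint32_t value;  /* x rounded up to a multiple of y when ok == 1 */
} roundup_result;

/* Round x up to a multiple of y, rejecting y == 0 and any result that
 * does not fit in 32 bits instead of letting the arithmetic wrap. */
roundup_result checked_roundup(uint32_t x, uint32_t y)
{
    roundup_result r = {0, 0};
    if (y == 0)
        return r;                       /* avoids division by zero */
    uint32_t rem = x % y;
    uint32_t pad = rem ? y - rem : 0;   /* bytes needed to reach a multiple */
    if (pad > UINT32_MAX - x)
        return r;                       /* x + pad would exceed UINT32_MAX */
    r.ok = 1;
    r.value = x + pad;
    return r;
}

int main(void)
{
    /* Constructed inputs: an ordinary size and one close to UINT32_MAX. */
    uint32_t sizes[] = {13u, 0xFFFFFFF9u};
    for (int i = 0; i < 2; i++) {
        roundup_result r = checked_roundup(sizes[i], 8);
        printf("x=%" PRIu32 " naive=%" PRIu32 " checked_ok=%d\n",
               sizes[i], naive_roundup(sizes[i], 8), r.ok);
    }
    return 0;
}
```

A buffer sized from the wrapped result is far smaller than the data later written into it, which is how an arithmetic slip of this kind becomes the buffer overflow the advisory describes.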