Security
Security
The libTIFF library is vulnerable to a buffer overflow, potentially resulting in the execution of arbitrary code.
| Package | media-libs/tiff on all architectures |
|---|---|
| Affected versions | < 3.7.2 |
| Unaffected versions | >= 3.7.2 |
libTIFF provides support for reading and manipulating TIFF (Tag Image File Format) images.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag.
Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.
There is no known workaround at this time.
All libTIFF users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.2"
Release date
May 10, 2005
Latest revision
May 22, 2006: 02
Severity
normal
Exploitable
remote
Bugzilla entries