1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200505-07 / tiff |
| Release Date | May 10, 2005 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-libs/tiff | < 3.7.2 | >= 3.7.2 | All supported architectures |
Related bug reports: #91584
The libTIFF library is vulnerable to a buffer overflow, potentially resulting in the execution of arbitrary code.
libTIFF provides support for reading and manipulating TIFF (Tag Image File Format) images.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack-based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag.
Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.
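The advisory does not say how the BitsPerSample tag is malformed. As an added example (not part of the advisory or of libTIFF), the Python below triages a TIFF file by checking its first IFD against the TIFF 6.0 rule that BitsPerSample is a SHORT array with one entry per sample (SamplesPerPixel, default 1). Treating that rule as the relevant consistency check is an assumption, and the names `check_bits_per_sample` and `build_tiff` are hypothetical.

```python
import struct

BITS_PER_SAMPLE, SAMPLES_PER_PIXEL, TYPE_SHORT = 258, 277, 3  # TIFF 6.0 tag/type codes

def check_bits_per_sample(data: bytes) -> list[str]:
    """Return findings for the first IFD of a TIFF; an empty list means consistent."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return ["not a TIFF header"]
    e = "<" if data[:2] == b"II" else ">"  # byte order declared by the file
    magic, ifd = struct.unpack(e + "HI", data[2:8])
    if magic != 42:
        return ["bad TIFF magic"]
    if ifd + 2 > len(data):
        return ["IFD offset outside file"]
    (n,) = struct.unpack_from(e + "H", data, ifd)
    if ifd + 2 + 12 * n > len(data):
        return ["IFD entries run past end of file"]
    bps, spp = None, 1  # SamplesPerPixel defaults to 1 when the tag is absent
    for i in range(n):
        tag, typ, count = struct.unpack_from(e + "HHI", data, ifd + 2 + 12 * i)
        if tag == BITS_PER_SAMPLE:
            bps = (typ, count)
        elif tag == SAMPLES_PER_PIXEL:  # single SHORT stored inline in the value field
            (spp,) = struct.unpack_from(e + "H", data, ifd + 2 + 12 * i + 8)
    findings = []
    if bps is not None:
        typ, count = bps
        if typ != TYPE_SHORT:
            findings.append(f"BitsPerSample has type {typ}, expected SHORT (3)")
        if count != spp:
            findings.append(f"BitsPerSample count {count} != SamplesPerPixel {spp}")
    return findings

def build_tiff(entries):
    """Constructed sample: little-endian TIFF header plus one IFD of (tag, type, count, value)."""
    body = struct.pack("<H", len(entries))
    for tag, typ, count, value in entries:
        body += struct.pack("<HHII", tag, typ, count, value)
    return b"II" + struct.pack("<HI", 42, 8) + body + struct.pack("<I", 0)

if __name__ == "__main__":
    print(check_bits_per_sample(build_tiff([(258, 3, 3, 64), (277, 3, 1, 3)])))  # consistent RGB
    print(check_bits_per_sample(build_tiff([(258, 3, 4, 64)])))  # count disagrees with default
```

The check covers only the first IFD and does not replace the upgrade to 3.7.2 or later.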
There is no known workaround at this time.
All libTIFF users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.2"