1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200605-17 / libtiff |
| Release Date | May 30, 2006 |
| Latest Revision | May 30, 2006: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-libs/tiff | < 3.8.1 | >= 3.8.1 | All supported architectures |
Related bugreports: #129675
Multiple vulnerabilities in libTIFF could lead to the execution of arbitrary code or a Denial of Service.
libTIFF provides support for reading and manipulating TIFF images.
Multiple vulnerabilities, ranging from integer overflows and NULL pointer dereferences to double frees, were reported in libTIFF.
An attacker could exploit these vulnerabilities by enticing a user to open a specially crafted TIFF image, possibly leading to the execution of arbitrary code or a Denial of Service.
There is no known workaround at this time.
All libTIFF users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.1" |