Release date: 2012-11-02
Updated on:
Affected Systems:
LibTIFF 4.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 56372
CVE ID: CVE-2012-4564
LibTIFF is a library used to read and write Tagged Image File Format (TIFF) files.
LibTIFF 4.0.3 and other versions contain a heap buffer overflow vulnerability. An internal error in the "ppm2tiff" tool (tools/ppm2tiff.c) can be exploited when it parses an image. A specially crafted PPM image can cause a buffer overflow.
<* Source: Huzaifa Sidhpurwala
Link: http://secunia.com/advisories/51133/
https://bugzilla.redhat.com/show_bug.cgi?id=871700
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
LibTIFF
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.libtiff.org/