Release date:
Updated on:
Affected Systems:
LibTIFF 3.x
Unaffected Systems:
LibTIFF 4.0
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 54270
CVE ID: CVE-2012-2088
LibTIFF is a library for reading and writing Tagged Image File Format (TIFF) files. It also includes command-line tools for processing TIFF files. It is distributed as source code and is also available in binary form on multiple platforms.
A heap buffer overflow vulnerability exists in LibTIFF versions earlier than 4.0. Attackers can exploit this vulnerability to execute arbitrary code in affected applications.
<* Source: Karel Volny *>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
LibTIFF
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.libtiff.org/