<?xml version="1.0" encoding="utf-8"?>
<glsa id="200505-07">
<title>libTIFF: Buffer overflow</title>
<synopsis>
The libTIFF library is vulnerable to a buffer overflow, potentially
resulting in the execution of arbitrary code.
</synopsis>
<product type="ebuild">tiff</product>
<announced>May 10, 2005</announced>
<revised>May 22, 2006: 02</revised>
<affected>
<package name="media-libs/tiff" auto="yes" arch="*">
<unaffected range="ge">3.7.2</unaffected>
<vulnerable range="lt">3.7.2</vulnerable>
</package>
</affected>
<background>
<p>
libTIFF provides support for reading and manipulating TIFF (Tag Image
File Format) images.
</p>
</background>
<description>
<p>
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
stack-based buffer overflow in the libTIFF library when reading a TIFF
image with a malformed BitsPerSample tag.
</p>
</description>
<impact type="normal">
<p>
Successful exploitation would require the victim to open a specially
crafted TIFF image, resulting in the execution of arbitrary code.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All libTIFF users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/tiff-3.7.2&quot;</code>
</resolution>
<references>
<uri link="">LIBTIFF BUG#863</uri>
<uri link="">CVE-2005-1544</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 09 May 2005 18:55:28 +0000">
<metadata tag="bugReady" timestamp="Tue, 10 May 2005 20:03:29 +0000">