blob: 6ff3e6e99ae7ca5642fc10553108b97bafc39b10 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<glsa id="201209-02">
<title>libTIFF: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities in libTIFF could result in execution of
arbitrary code or Denial of Service.
<product type="ebuild">tiff</product>
<announced>September 23, 2012</announced>
<revised>June 02, 2014: 6</revised>
<package name="media-libs/tiff" auto="yes" arch="*">
<unaffected range="ge">4.0.2-r1</unaffected>
<unaffected range="rge">3.9.5-r2</unaffected>
<unaffected range="rge">3.9.7-r1</unaffected>
<vulnerable range="lt">4.0.2-r1</vulnerable>
<p>libTIFF provides support for reading and manipulating TIFF (Tagged Image
File Format) images.
<p>Multiple vulnerabilities have been discovered in libTIFF. Please review
the CVE identifiers referenced below for details.
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted TIFF
file with an application making use of libTIFF, possibly resulting in
execution of arbitrary code with the privileges of the user running the
application or a Denial of Service condition.
<p>There is no known workaround at this time.</p>
<p>All libTIFF 4.0 users should upgrade to the latest version:</p>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.0.2-r1"
<p>All libTIFF 3.9 users should upgrade to the latest version:</p>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-3.9.5-r2"
<uri link="">CVE-2009-2347</uri>
<uri link="">CVE-2009-5022</uri>
<uri link="">CVE-2010-1411</uri>
<uri link="">CVE-2010-2065</uri>
<uri link="">CVE-2010-2067</uri>
<uri link="">CVE-2010-2233</uri>
<uri link="">CVE-2010-2443</uri>
<uri link="">CVE-2010-2481</uri>
<uri link="">CVE-2010-2482</uri>
<uri link="">CVE-2010-2483</uri>
<uri link="">CVE-2010-2595</uri>
<uri link="">CVE-2010-2596</uri>
<uri link="">CVE-2010-2597</uri>
<uri link="">CVE-2010-2630</uri>
<uri link="">CVE-2010-2631</uri>
<uri link="">CVE-2010-3087</uri>
<uri link="">CVE-2010-4665</uri>
<uri link="">CVE-2011-0192</uri>
<uri link="">CVE-2011-0192</uri>
<uri link="">CVE-2011-1167</uri>
<uri link="">CVE-2011-1167</uri>
<uri link="">CVE-2012-1173</uri>
<uri link="">CVE-2012-2088</uri>
<uri link="">CVE-2012-2113</uri>
<uri link="">CVE-2012-3401</uri>
<metadata tag="requester" timestamp="Fri, 07 Oct 2011 23:38:10 +0000">
<metadata tag="submitter" timestamp="Mon, 02 Jun 2014 14:06:53 +0000">ackle</metadata>