libtiff: arbitrary code execution

Package(s): libtiff
CVE #(s): CVE-2011-1167
Created: March 29, 2011
Updated: June 27, 2011
Description: From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.

Alerts:
Debian DSA-2210-2 2011-06-25
openSUSE openSUSE-SU-2011:0409-1 2011-04-29
CentOS CESA-2011:0392 2011-04-14
Slackware SSA:2011-098-01 2011-04-12
Fedora FEDORA-2011-3827 2011-03-22
Fedora FEDORA-2011-3836 2011-03-22
Ubuntu USN-1102-1 2011-04-04
Debian DSA-2210-1 2011-04-03
Mandriva MDVSA-2011:064 2011-04-04
CentOS CESA-2011:0392 2011-03-31
Red Hat RHSA-2011:0392-01 2011-03-28
Fedora FEDORA-2011-5962 2011-04-25
Fedora FEDORA-2011-5955 2011-04-25
SUSE SUSE-SR:2011:008 2011-05-03
openSUSE openSUSE-SU-2011:0405-1 2011-04-29
SUSE SUSE-SR:2011:009 2011-05-17
Oracle ELSA-2012-0468 2012-04-12
Gentoo 201209-02 2012-09-23

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds