LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

libtiff: code execution

Package(s):tiff CVE #(s):CVE-2012-5581
Created:December 6, 2012 Updated:December 31, 2012
Description: From the Ubuntu advisory:

It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Alerts:
Ubuntu USN-1655-1 2012-12-05
Mageia MGASA-2012-0355 2012-12-07
Debian DSA-2589-1 2012-12-16
Red Hat RHSA-2012:1590-01 2012-12-18
CentOS CESA-2012:1590 2012-12-19
CentOS CESA-2012:1590 2012-12-19
Oracle ELSA-2012-1590 2012-12-18
Oracle ELSA-2012-1590 2012-12-19
Scientific Linux SL-libt-20121219 2012-12-19
Mandriva MDVSA-2012:184 2012-12-27
Fedora FEDORA-2012-20446 2012-12-31
Fedora FEDORA-2012-20404 2012-12-31
openSUSE openSUSE-SU-2013:0187-1 2013-01-23
Mandriva MDVSA-2013:046 2013-04-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds