libTIFF: buffer overflow
| Package(s): | libtiff | CVE #(s): | CAN-2005-1544 | ||||||||||||||||
| Created: | May 10, 2005 | Updated: | February 18, 2006 | ||||||||||||||||
| Description: | Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Posted May 25, 2005 9:27 UTC (Wed)
by mjc@redhat.com (guest, #2303)
[Link]
Note that this issue only affects libtiff 3.7 and greater which is why many distributions are not vulnerable to this issue.
CAN-2005-1544libTIFF: buffer overflow