libtiff: arbitrary code execution
| Package(s): | libtiff |
| CVE #(s): | CVE-2009-5022 |
| Created: | April 18, 2011 |
| Updated: | June 10, 2011 |
| Description: |
From the Red Hat advisory:
A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF image files that were compressed with the JPEG compression
algorithm. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. |
| Alerts: |
| Gentoo | 201209-02 | tiff | 2012-09-23 |
| Debian | DSA-2256-1 | tiff | 2011-06-09 |
| Fedora | FEDORA-2011-5304 | libtiff | 2011-04-13 |
| Red Hat | RHSA-2011:0452-01 | libtiff | 2011-04-18 |
| Mandriva | MDVSA-2011:078 | libtiff | 2011-04-23 |
| SUSE | SUSE-SR:2011:008 | java-1_6_0-ibm, java-1_5_0-ibm, java-1_4_2-ibm, postfix, dhcp6, dhcpcd, mono-addon-bytefx-data-mysql/bytefx-data-mysql, dbus-1, libtiff/libtiff-devel, cifs-mount/libnetapi-devel, rubygem-sqlite3, gnutls, libpolkit0, udisks | 2011-05-03 |
| openSUSE | openSUSE-SU-2011:0405-1 | tiff | 2011-04-29 |
| Ubuntu | USN-1120-1 | tiff | 2011-04-21 |