RHSA-2010:0519: Important: libtiff security update

First published: Thu Jul 08 2010(Updated: )

The libtiff packages contain a library of functions for manipulating Tagged<br>Image File Format (TIFF) files.<br>Multiple integer overflow flaws, leading to a buffer overflow, were<br>discovered in libtiff. An attacker could use these flaws to create a<br>specially-crafted TIFF file that, when opened, would cause an application<br>linked against libtiff to crash or, possibly, execute arbitrary code.<br>(CVE-2010-1411)<br>Multiple input validation flaws were discovered in libtiff. An attacker<br>could use these flaws to create a specially-crafted TIFF file that, when<br>opened, would cause an application linked against libtiff to crash.<br>(CVE-2010-2481, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597)<br>Red Hat would like to thank Apple Product Security for responsibly<br>reporting the CVE-2010-1411 flaw, who credit Kevin Finisterre of<br>digitalmunition.com for the discovery of the issue.<br>All libtiff users are advised to upgrade to these updated packages, which<br>contain backported patches to resolve these issues. All running<br>applications linked against libtiff must be restarted for this update to<br>take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/severity
• agent/type
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2010:0519
• agent/software-canonical-lookup
• agent/description
• agent/event
• agent/weakness
• agent/references
• agent/remedy
• agent/title
• agent/trending
• agent/tags
• agent/source
• package-manager/redhat