First published: Thu Jul 08 2010
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Multiple integer overflow flaws, leading to a buffer overflow, were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2010-1411)

An input validation flaw was discovered in libtiff. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash. (CVE-2010-2598)

Red Hat would like to thank Apple Product Security for responsibly reporting the CVE-2010-1411 flaw, who credit Kevin Finisterre of digitalmunition.com for the discovery of the issue.

All libtiff users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
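The restart requirement above can be checked after the update. The following is an added example, not part of the advisory or of Red Hat's tooling: it lists processes that still map the pre-update libtiff. It assumes a Linux `/proc` layout in which the kernel appends ` (deleted)` to a mapping whose backing file was replaced on disk; the function names and the `proc_root` argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update libtiff and therefore need a restart.
# Assumption: Linux /proc layout; the kernel appends " (deleted)" to a mapping
# whose backing file was replaced on disk by the package update.

# Print "PID COMMAND" for every process under proc_root (default /proc)
# whose maps file references a deleted libtiff or libtiffxx shared object.
stale_libtiff_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip an unmatched glob and processes we are not allowed to inspect.
        [ -r "$maps" ] || continue
        if grep -Eq '/libtiff(xx)?\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            pid="${dir##*/}"
            # comm is absent on older kernels; fall back to a placeholder.
            comm="$(cat "$dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Exit status 0 when at least one process still uses the old library,
# 1 when none do, so a patch job can gate on it.
libtiff_restart_needed() {
    [ -n "$(stale_libtiff_procs "$1")" ]
}
```

Source the file and run `stale_libtiff_procs` as root so that every process's maps file is readable; an empty result means no running process still holds the replaced library.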
The severity of RHSA-2010:0520 is classified as important.
To fix RHSA-2010:0520, update the libtiff packages to the latest version provided by Red Hat.
RHSA-2010:0520 addresses multiple integer overflow flaws in the libtiff library.
Users and systems that utilize the libtiff library from Red Hat are affected by RHSA-2010:0520.
libtiff is a library for manipulating TIFF files; the flaws addressed here can cause an application linked against it to crash or, possibly, execute arbitrary code when it opens a specially-crafted TIFF file.