CentOS Errata and Security Advisory CESA-2006:0425-01

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)

A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)

Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-May/075058.html

Affected packages:
libtiff
libtiff-devel

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | libtiff | < 3.5.7-30.el2.1 | libtiff-3.5.7-30.el2.1.i386.rpm |
CentOS | 2 | i386 | libtiff-devel | < 3.5.7-30.el2.1 | libtiff-devel-3.5.7-30.el2.1.i386.rpm |