Lucene search

K
centosCentOS ProjectCESA-2008:0863-01
HistoryAug 29, 2008 - 12:41 a.m.

libtiff security update

2008-08-2900:41:41
CentOS Project
lists.centos.org
59

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.008

Percentile

81.9%

CentOS Errata and Security Advisory CESA-2008:0863-01

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Multiple uses of uninitialized values were discovered in libtiff’s
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-August/077381.html

Affected packages:
libtiff
libtiff-devel

OSVersionArchitecturePackageVersionFilename
CentOS2i386libtiff<Β 3.5.7-31.el2libtiff-3.5.7-31.el2.i386.rpm
CentOS2i386libtiff-devel<Β 3.5.7-31.el2libtiff-devel-3.5.7-31.el2.i386.rpm

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.008

Percentile

81.9%