tiff -- buffer overflow vulnerability

2005-05-1000:00:00

vuxml.freebsd.org

0.335 Low

EPSS

Percentile

97.1%

JSON

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team
discovered a stack based buffer overflow in the libTIFF
library when reading a TIFF image with a malformed
BitsPerSample tag.
Successful exploitation would require the victim to open
a specially crafted TIFF image, resulting in the execution
of arbitrary code.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchtiff< 3.7.3UNKNOWN
FreeBSDanynoarchlinux-tiff< 3.6.1_3UNKNOWN
FreeBSDanynoarchpdflib< 6.0.1_2UNKNOWN
FreeBSDanynoarchpdflib-perl< 6.0.1_2UNKNOWN
FreeBSDanynoarchgdal< 1.2.1_2UNKNOWN
FreeBSDanynoarchivtools< 1.2.3UNKNOWN
FreeBSDanynoarchparaview< 2.4.3UNKNOWN
FreeBSDanynoarchfractorama< 1.6.7_1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	tiff	< 3.7.3	UNKNOWN
FreeBSD	any	noarch	linux-tiff	< 3.6.1_3	UNKNOWN
FreeBSD	any	noarch	pdflib	< 6.0.1_2	UNKNOWN
FreeBSD	any	noarch	pdflib-perl	< 6.0.1_2	UNKNOWN
FreeBSD	any	noarch	gdal	< 1.2.1_2	UNKNOWN
FreeBSD	any	noarch	ivtools	< 1.2.3	UNKNOWN
FreeBSD	any	noarch	paraview	< 2.4.3	UNKNOWN
FreeBSD	any	noarch	fractorama	< 1.6.7_1	UNKNOWN