The libTIFF library is vulnerable to a buffer overflow, potentially resulting in the execution of arbitrary code.
|Package||media-libs/tiff on all architectures|
|Affected versions||< 3.7.2|
|Unaffected versions||>= 3.7.2|
libTIFF provides support for reading and manipulating TIFF (Tag Image File Format) images.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag.
Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.
There is no known workaround at this time.
All libTIFF users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.2"
May 10, 2005
May 22, 2006: 02