Multiple vulnerabilities in libTIFF could lead to the execution of arbitrary code or a Denial of Service.
|Package||media-libs/tiff on all architectures|
|Affected versions||< 3.8.1|
|Unaffected versions||>= 3.8.1|
libTIFF provides support for reading and manipulating TIFF images.
Multiple vulnerabilities, ranging from integer overflows and NULL pointer dereferences to double frees, were reported in libTIFF.
An attacker could exploit these vulnerabilities by enticing a user to open a specially crafted TIFF image, possibly leading to the execution of arbitrary code or a Denial of Service.
There is no known workaround at this time.
All libTIFF users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.1"
May 30, 2006
May 30, 2006: 01