tiff security update
Specially crafted tiff files could cause a heap-based
buffer overflow in the thunder- and ojpeg-decoders
(CVE-2011-1167, CVE-2009-5022).
Directories with a large number of files could cause an
integer overflow in the tiffdump tool (CVE-2010-4665)
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4396
Fixed bugs
bnc#682871
TIFF G4: images corruption across SUSE versions
bnc#599475
tiff2pdf generated pdfs which display wrong colors with xpdf/ghostview
bnc#687442
VUL-0: tiffdump integer overflow
bnc#687441
VUL-0: tiff buffer overflow in ojpeg decoder
CVE#CVE-2011-1167
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample va
CVE#CVE-2010-4665
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a direct
