libtiff-3.9.4-9.AXS4
Errata ID: AXSA:2012-1046:03
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large.
The libtiff package should be installed if you need to manipulate TIFF format image files.
Security issues fixed with this release:
• CVE-2012-3401
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
• CVE-2012-4447
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.
• CVE-2012-4564
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
• CVE-2012-5581
No description available at the time of writing; please refer to the CVE link below.
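A defensive sketch of the failure mode described for CVE-2012-4564: a scanline size that overflows, is used unchecked, and leads to a zero-byte allocation that is then written past. This is an added example, not code from libtiff or from this advisory; `scanline_bytes` and `alloc_scanline` are hypothetical helpers, and the signed 32-bit size limit is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not a libtiff API: bytes in one scanline, or 0 when
 * the row is empty or the size does not fit a signed 32-bit value (the
 * 32-bit limit is an assumption made for this example). */
static int32_t scanline_bytes(uint32_t width, uint16_t samples, uint16_t bits)
{
    /* 2^32 * 2^16 * 2^16 stays below 2^64, so this product cannot wrap. */
    uint64_t total_bits = (uint64_t)width * samples * bits;
    uint64_t bytes = total_bits / 8 + (total_bits % 8 != 0);

    if (bytes == 0 || bytes > INT32_MAX)
        return 0;
    return (int32_t)bytes;
}

/* Hardened caller: a zero size is an error, never an allocation request.
 * The unchecked pattern would call malloc(0) here and then copy a full
 * row into the result. */
static unsigned char *alloc_scanline(uint32_t width, uint16_t samples,
                                     uint16_t bits, size_t *len)
{
    int32_t n = scanline_bytes(width, samples, bits);
    unsigned char *buf;

    *len = 0;
    if (n <= 0)
        return NULL;
    buf = malloc((size_t)n);
    if (buf != NULL)
        *len = (size_t)n;
    return buf;
}

int main(void)
{
    /* Constructed header values: one ordinary, one oversized. */
    uint32_t widths[] = { 640u, 0xFFFFFFFFu };
    size_t len;

    for (int i = 0; i < 2; i++) {
        unsigned char *row = alloc_scanline(widths[i], 3, 8, &len);
        printf("width=%u -> %s (%zu bytes)\n", (unsigned)widths[i],
               row ? "allocated" : "rejected", len);
        free(row);
    }
    return 0;
}
```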
Update packages.
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
N/A
SRPMS
- libtiff-3.9.4-9.AXS4.src.rpm
MD5: f1d5607637cb857ed7deb3dbb53bb8cd
SHA-256: 68dec222235df806307c1fb4f232cf282b1a3aa5ae161953ea13c0b77932f036
Size: 1.40 MB
Asianux Server 4 for x86
- libtiff-3.9.4-9.AXS4.i686.rpm
MD5: 6924472d10b9930025515eb93af3845f
SHA-256: d3cd8ccb04c17a89ec9c31e0817746d3967a24fcf0799b7117c19daddefcb14e
Size: 338.29 kB
- libtiff-devel-3.9.4-9.AXS4.i686.rpm
MD5: 59c50513915726ee49faa8e00b314334
SHA-256: ce24a3e1363e7deb887cc610e90fc052c2d1c5af04d854885228255385af286d
Size: 467.99 kB
Asianux Server 4 for x86_64
- libtiff-3.9.4-9.AXS4.x86_64.rpm
MD5: 7e5bffebce90a5ac6604037b0bdb8aa2
SHA-256: ff69e5e488b790f0e38e22f10067a7fb927f647edfd86b094a50080b40ff368d
Size: 341.26 kB
- libtiff-devel-3.9.4-9.AXS4.x86_64.rpm
MD5: ae9c55b88eed27cfd4e843a4cafccdff
SHA-256: 39305098489b776444ccf96fbdf0361ef02ff82ea6b0423451e17b6425a2943c
Size: 467.60 kB
- libtiff-3.9.4-9.AXS4.i686.rpm
MD5: 6924472d10b9930025515eb93af3845f
SHA-256: d3cd8ccb04c17a89ec9c31e0817746d3967a24fcf0799b7117c19daddefcb14e
Size: 338.29 kB
- libtiff-devel-3.9.4-9.AXS4.i686.rpm
MD5: 59c50513915726ee49faa8e00b314334
SHA-256: ce24a3e1363e7deb887cc610e90fc052c2d1c5af04d854885228255385af286d
Size: 467.99 kB