FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tiff -- buffer overflow vulnerability

Affected packages
tiff < 3.9.3
linux-tiff < 3.9.3

Details

VuXML ID: 313da7dc-763b-11df-bcce-0018f3e2eb82
Discovery: 2010-04-15
Entry: 2010-06-12

Kevin Finisterre reports:

Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.

References

CVE Name: CVE-2010-1411
URL: http://support.apple.com/kb/HT4196
URL: http://www.remotesensing.org/libtiff/v3.9.3.html