In association with heise online

27 August 2008, 10:40

Vulnerabilities in LibTIFF

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

LibTIFF, the open source graphics library, contains bugs in its LZWDecode and LZWDecodeCompat functions. Crafted TIFF files can be used to provoke buffer underflows. Attackers can exploit this vulnerability to inject and execute code.

According to Debian, the bugs are present in versions 3.8.2.x and 3.7.2.x. No official update is available. Linux distributors are, however, already releasing updated packages.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit