AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2012.04.06 16:52 "[Tiff] Security Fix", by Frank Warmerdam
2012.04.09 13:09 "Re: [Tiff] Security Fix", by Christopher Cameron
2012.04.09 17:19 "Re: [Tiff] Security Fix", by Frank Warmerdam

2012.04.09 13:09 "Re: [Tiff] Security Fix", by Christopher Cameron

Has someone decided to investigate libtiff4 yet?

Chris Cameron
Software Developer - Multimedia/Camera
ccameron@qnx.com

On 12-04-06 12:52 PM, "Frank Warmerdam" <warmerdam@pobox.com> wrote:

There has been an overflow problem reported with libtiff that could represent a security compromise when operating on potentially hostile files in an unsafe context. A fix is applied in 3.9 branch and CVS HEAD. They are also available in the ticket if someone wants to apply them.

Some distributions pushed the fix out already this week:

  http://bugzilla.maptools.org/show_bug.cgi?id=2369

>---------------------------------------+----------------------------------
>----