On Tue, Dec 21, 2004 at 05:09:30PM -0500, customer service mailbox wrote: > libtiff STRIPOFFSETS Integer Overflow Vulnerability > > iDEFENSE Security Advisory 12.21.04 > www.idefense.com/application/poi/display?id=173&type=vulnerabilities > December 21, 2004 .... > The overflow occurs in the parsing of TIFF files set with the > STRIPOFFSETS flag in libtiff/tif_dirread.c. In the TIFFFetchStripThing() > > function, the number of strips (nstrips) is used directly in a > CheckMalloc() routine without sanity checking. The call ultimately boils > > - SuSE Linux This problem had already been fixed in SUSE Linux with the last libtiff update: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html Ciao, Marcus
Attachment:
pgpTOj7YdTBbB.pgp
Description: PGP signature