libTIFF: Multiple buffer overflows libTIFF contains buffer overflows that could result in arbitrary code execution. tiff July 09, 2006 July 09, 2006: 01 135881 remote 3.8.2-r1 3.8.2-r1

libTIFF provides support for reading and manipulating TIFF images.

A buffer overflow has been found in the t2p_write_pdf_string function in tiff2pdf, which can been triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow has been found in the handling of the parameters in tiffsplit.

A remote attacker could entice a user to load a specially crafted TIFF file, resulting in the possible execution of arbitrary code.

There is no known workaround at this time.

All libTIFF users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r1" CVE-2006-2193 CVE-2006-2656 falco falco