ID CVE-2012-2113
Summary Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • LibTIFF 3.4
    cpe:2.3:a:libtiff:libtiff:3.4
  • LibTIFF 3.4 beta18
    cpe:2.3:a:libtiff:libtiff:3.4:beta18
  • LibTIFF 3.4 beta24
    cpe:2.3:a:libtiff:libtiff:3.4:beta24
  • LibTIFF 3.4 beta28
    cpe:2.3:a:libtiff:libtiff:3.4:beta28
  • LibTIFF 3.4 beta29
    cpe:2.3:a:libtiff:libtiff:3.4:beta29
  • LibTIFF 3.4 beta31
    cpe:2.3:a:libtiff:libtiff:3.4:beta31
  • LibTIFF 3.4 beta32
    cpe:2.3:a:libtiff:libtiff:3.4:beta32
  • LibTIFF 3.4 beta34
    cpe:2.3:a:libtiff:libtiff:3.4:beta34
  • LibTIFF 3.4 beta35
    cpe:2.3:a:libtiff:libtiff:3.4:beta35
  • LibTIFF 3.4 beta36
    cpe:2.3:a:libtiff:libtiff:3.4:beta36
  • LibTIFF 3.4 beta37
    cpe:2.3:a:libtiff:libtiff:3.4:beta37
  • LibTIFF 3.5.1
    cpe:2.3:a:libtiff:libtiff:3.5.1
  • LibTIFF 3.5.2
    cpe:2.3:a:libtiff:libtiff:3.5.2
  • LibTIFF 3.5.3
    cpe:2.3:a:libtiff:libtiff:3.5.3
  • LibTIFF 3.5.4
    cpe:2.3:a:libtiff:libtiff:3.5.4
  • LibTIFF 3.5.5
    cpe:2.3:a:libtiff:libtiff:3.5.5
  • LibTIFF 3.5.6
    cpe:2.3:a:libtiff:libtiff:3.5.6
  • LibTIFF 3.5.6 beta
    cpe:2.3:a:libtiff:libtiff:3.5.6:beta
  • LibTIFF 3.5.7
    cpe:2.3:a:libtiff:libtiff:3.5.7
  • LibTIFF 3.5.7 alpha
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha
  • LibTIFF 3.5.7 alpha2
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2
  • LibTIFF 3.5.7 alpha3
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3
  • LibTIFF 3.5.7 alpha4
    cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4
  • LibTIFF 3.5.7 beta
    cpe:2.3:a:libtiff:libtiff:3.5.7:beta
  • LibTIFF 3.6.0
    cpe:2.3:a:libtiff:libtiff:3.6.0
  • LibTIFF 3.6.0 beta
    cpe:2.3:a:libtiff:libtiff:3.6.0:beta
  • LibTIFF 3.6.0 beta2
    cpe:2.3:a:libtiff:libtiff:3.6.0:beta2
  • LibTIFF 3.6.1
    cpe:2.3:a:libtiff:libtiff:3.6.1
  • LibTIFF 3.7.0
    cpe:2.3:a:libtiff:libtiff:3.7.0
  • LibTIFF 3.7.0 alpha
    cpe:2.3:a:libtiff:libtiff:3.7.0:alpha
  • LibTIFF 3.7.0 beta
    cpe:2.3:a:libtiff:libtiff:3.7.0:beta
  • LibTIFF 3.7.0 beta2
    cpe:2.3:a:libtiff:libtiff:3.7.0:beta2
  • LibTIFF 3.7.1
    cpe:2.3:a:libtiff:libtiff:3.7.1
  • LibTIFF 3.7.2
    cpe:2.3:a:libtiff:libtiff:3.7.2
  • LibTIFF 3.7.3
    cpe:2.3:a:libtiff:libtiff:3.7.3
  • LibTIFF 3.7.4
    cpe:2.3:a:libtiff:libtiff:3.7.4
  • LibTIFF 3.8.0
    cpe:2.3:a:libtiff:libtiff:3.8.0
  • LibTIFF 3.8.1
    cpe:2.3:a:libtiff:libtiff:3.8.1
  • LibTIFF 3.8.2
    cpe:2.3:a:libtiff:libtiff:3.8.2
  • LibTIFF 3.9
    cpe:2.3:a:libtiff:libtiff:3.9
  • LibTIFF 3.9.0
    cpe:2.3:a:libtiff:libtiff:3.9.0
  • LibTIFF 3.9.0 beta
    cpe:2.3:a:libtiff:libtiff:3.9.0:beta
  • LibTIFF 3.9.1
    cpe:2.3:a:libtiff:libtiff:3.9.1
  • LibTIFF 3.9.2
    cpe:2.3:a:libtiff:libtiff:3.9.2
  • LibTIFF 3.9.2-5.2.1
    cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1
  • LibTIFF 3.9.3
    cpe:2.3:a:libtiff:libtiff:3.9.3
  • LibTIFF 3.9.4
    cpe:2.3:a:libtiff:libtiff:3.9.4
  • LibTIFF 3.9.5
    cpe:2.3:a:libtiff:libtiff:3.9.5
  • LibTIFF 4.0 alpha
    cpe:2.3:a:libtiff:libtiff:4.0:alpha
  • LibTIFF 4.0 beta1
    cpe:2.3:a:libtiff:libtiff:4.0:beta1
  • LibTIFF 4.0 beta2
    cpe:2.3:a:libtiff:libtiff:4.0:beta2
  • LibTIFF 4.0 beta3
    cpe:2.3:a:libtiff:libtiff:4.0:beta3
  • LibTIFF 4.0 beta4
    cpe:2.3:a:libtiff:libtiff:4.0:beta4
  • LibTIFF 4.0 beta5
    cpe:2.3:a:libtiff:libtiff:4.0:beta5
  • LibTIFF 4.0 beta6
    cpe:2.3:a:libtiff:libtiff:4.0:beta6
  • LibTIFF 4.0.1
    cpe:2.3:a:libtiff:libtiff:4.0.1
CVSS
Base: 6.8 (as of 23-07-2012 - 14:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-290-01.NASL
    description New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.
    last seen 2019-02-21
    modified 2013-10-22
    plugin id 70499
    published 2013-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70499
    title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-361.NASL
    description - fixing multiple integer overflows : - CVE-2012-2113 [bnc#767852] - CVE-2012-2088 [bnc#767854]
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74663
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74663
    title openSUSE Security Update : tiff (openSUSE-SU-2012:0829-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1054.NASL
    description From Red Hat Security Advisory 2012:1054 : Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68572
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68572
    title Oracle Linux 5 / 6 : libtiff (ELSA-2012-1054)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2552.NASL
    description Several vulnerabilities were discovered in TIFF, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation. These vulnerabilities can be exploited via a specially crafted TIFF image. - CVE-2012-2113 The tiff2pdf utility has an integer overflow error when parsing images. - CVE-2012-3401 Huzaifa Sidhpurwala discovered heap-based buffer overflow in the t2p_read_tiff_init() function. - CVE-2010-2482 An invalid td_stripbytecount field is not properly handle and can trigger a NULL pointer dereference. - CVE-2010-2595 An array index error, related to 'downsampled OJPEG input' in the TIFFYCbCrtoRGB function causes an unexpected crash. - CVE-2010-2597 Also related to 'downsampled OJPEG input', the TIFFVStripSize function crash unexpectly. - CVE-2010-2630 The TIFFReadDirectory function does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file. - CVE-2010-4665 The tiffdump utility has an integer overflow in the ReadDirectory function.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62317
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62317
    title Debian DSA-2552-1 : tiff - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62235
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62235
    title GLSA-201209-02 : libTIFF: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10081.NASL
    description Update to libtiff 3.9.6, and add patches for CVE-2012-2088, CVE-2012-2113 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59972
    published 2012-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59972
    title Fedora 17 : libtiff-3.9.6-1.fc17 (2012-10081)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-101.NASL
    description Multiple vulnerabilities has been discovered and corrected in libtiff : libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-2088). Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 59843
    published 2012-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59843
    title Mandriva Linux Security Advisory : libtiff (MDVSA-2012:101)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBTIFF-DEVEL-120622.NASL
    description The following issue has been fixed : - Specially crafted tiff files could have caused overflows in libtiff. (CVE-2012-2088 / CVE-2012-2113)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64197
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64197
    title SuSE 11.1 Security Update : libtiff (SAT Patch Number 6475)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1054.NASL
    description Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59838
    published 2012-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59838
    title CentOS 5 / 6 : libtiff (CESA-2012:1054)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1498-1.NASL
    description It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2088) It was discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2113). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59856
    published 2012-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59856
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerabilities (USN-1498-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1054.NASL
    description Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59844
    published 2012-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59844
    title RHEL 5 / 6 : libtiff (RHSA-2012:1054)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120703_LIBTIFF_ON_SL5_X.NASL
    description The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 83916
    published 2015-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83916
    title Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10089.NASL
    description Update to libtiff 3.9.6, and add patches for CVE-2012-2088, CVE-2012-2113 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59973
    published 2012-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59973
    title Fedora 16 : libtiff-3.9.6-1.fc16 (2012-10089)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-106.NASL
    description libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69596
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69596
    title Amazon Linux AMI : libtiff (ALAS-2012-106)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBTIFF-8199.NASL
    description The following issue has been fixed : - Specially crafted tiff files could have caused overflows in libtiff. (CVE-2012-2088 / CVE-2012-2113)
    last seen 2019-02-21
    modified 2013-02-25
    plugin id 60077
    published 2012-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60077
    title SuSE 10 Security Update : libtiff (ZYPP Patch Number 8199)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBTIFF_20120821.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. (CVE-2012-2088) - Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. (CVE-2012-2113)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80680
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80680
    title Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_2088_denial_of)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-046.NASL
    description Updated libtiff packages fix security vulnerabilities : libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-2088). Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113). Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges (CVE-2012-3401). It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code (CVE-2012-4447). ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow (CVE-2012-4564). It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges (CVE-2012-5581).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66060
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66060
    title Mandriva Linux Security Advisory : libtiff (MDVSA-2013:046)
redhat via4
advisories
bugzilla
id 832864
title CVE-2012-2088 libtiff: Type conversion flaw leading to heap-buffer overflow
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libtiff is earlier than 0:3.8.2-15.el5_8
          oval oval:com.redhat.rhsa:tst:20121054002
        • comment libtiff is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080847003
      • AND
        • comment libtiff-devel is earlier than 0:3.8.2-15.el5_8
          oval oval:com.redhat.rhsa:tst:20121054004
        • comment libtiff-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080847005
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libtiff is earlier than 0:3.9.4-6.el6_3
          oval oval:com.redhat.rhsa:tst:20121054010
        • comment libtiff is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318011
      • AND
        • comment libtiff-devel is earlier than 0:3.9.4-6.el6_3
          oval oval:com.redhat.rhsa:tst:20121054012
        • comment libtiff-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318015
      • AND
        • comment libtiff-static is earlier than 0:3.9.4-6.el6_3
          oval oval:com.redhat.rhsa:tst:20121054014
        • comment libtiff-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318013
rhsa
id RHSA-2012:1054
released 2012-07-03
severity Important
title RHSA-2012:1054: libtiff security update (Important)
rpms
  • libtiff-0:3.8.2-15.el5_8
  • libtiff-devel-0:3.8.2-15.el5_8
  • libtiff-0:3.9.4-6.el6_3
  • libtiff-devel-0:3.9.4-6.el6_3
  • libtiff-static-0:3.9.4-6.el6_3
refmap via4
bid 54076
confirm http://www.remotesensing.org/libtiff/v4.0.2.html
debian DSA-2552
gentoo GLSA-201209-02
mandriva MDVSA-2012:101
misc https://bugzilla.redhat.com/show_bug.cgi?id=810551
secunia
  • 49493
  • 49686
  • 50726
suse
  • SUSE-SU-2012:0894
  • openSUSE-SU-2012:0829
Last major update 14-05-2013 - 23:25
Published 22-07-2012 - 13:55
Last modified 28-12-2017 - 21:29
Back to Top