 |
| Home Page |  |
Advice | |
Reports | |
Activities | |
CERT-FI:P.O. Box 313 Finnish Communications Regulatory Authority (FICORA):Itämerenkatu 3 A |
CERT-FI Advisory on LibTIFF
DetailsA vulnerability regarding the handling of TIFF images has been found in LibTIFF. The vulnerability allows an attacker to execute his own code or to cause a Denial of Service by tempting a user to open a maliciously crafted TIFF image. Vulnerability Coordination Information and AcknowledgementsCERT-FI reported the vulnerability to the vendors. CERT-FI wishes to thank Tomas Hoger of Red Hat Security Response Team for cooperation and the analysis of the vulnerabilities and Oulu University Secure Programming Group for their work on robustness testing tools. Vendor InformationLibTIFF 3.9.x before version 3.9.3 and distribution versions based on those are affected. LibTIFF 4.0 beta versions are not affected. RemediationInstall either the latest version of the original LibTIFF library (http://www.remotesensing.org/libtiff/) or a fixed version of the library provided by your operating system or application vendor.References
Contact InformationCERT-FI Vulnerability Coordination can be contacted as follows:Email: vulncoord@ficora.fi Please quote the advisory reference [FICORA #391068] in the subject line Telephone: +358 9 6966 510 Monday - Friday 08:00 - 16:15 (EET: UTC+2) Fax : +358 9 6966 515 Post: Vulnerability Coordination FICORA/CERT-FI P.O. Box 313 FI-00181 Helsinki FINLAND CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at https://www.cert.fi/en/activities/contact/pgp-keys.html The CERT-FI vulnerability coordination policy can be viewed at https://www.cert.fi/en/activities/Vulncoord/vulncoord-policy.html. Revision History1 Jul 2010, 12:30 UTC: Published
|
|
