CentOS Update For Libtiff CESA-2012:0468 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.

Affected

libtiff on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2012-April/018564.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1173

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0473 (kernel)
CentOS Security Advisory CESA-2009:1123 (gstreamer-plugins-good)
CentOS Security Advisory CESA-2009:1337 (gfs2-utils)
CentOS Security Advisory CESA-2009:1642 (acpid)
CentOS Security Advisory CESA-2009:1335 (openssl)

CentOS Update for libtiff CESA-2012:0468 centos6

Take action and discover your vulnerabilities