libTIFF: Multiple vulnerabilities

libTIFF: Multiple vulnerabilities Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service. tiff 2012-09-23 2014-06-02 307001 324885 357271 359871 371308 410931 422673 427166 remote 4.0.2-r1 3.9.5-r2 3.9.7-r1 4.0.2-r1

libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.

Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition.

There is no known workaround at this time.

All libTIFF 4.0 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.2-r1"

All libTIFF 3.9 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.5-r2"

CVE-2009-2347 CVE-2009-5022 CVE-2010-1411 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-2443 CVE-2010-2481 CVE-2010-2482 CVE-2010-2483 CVE-2010-2595 CVE-2010-2596 CVE-2010-2597 CVE-2010-2630 CVE-2010-2631 CVE-2010-3087 CVE-2010-4665 CVE-2011-0192 CVE-2011-0192 CVE-2011-1167 CVE-2011-1167 CVE-2012-1173 CVE-2012-2088 CVE-2012-2113 CVE-2012-3401 underling ackle