Oval Definition:	oval:org.mitre.oval:tst:38786
Comment: libtiff is earlier than 0:3.6.1-12.el4_8.4 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14341 State: oval:org.mitre.oval:ste:11201 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:10145 V Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. 2013-04-29 oval:org.mitre.oval:def:10988 V Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. 2013-04-29
BACK