libTIFF: Multiple vulnerabilities

libTIFF: Multiple vulnerabilities Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service. tiff February 21, 2014 February 21, 2014: 1 440154 440944 468334 480466 486590 remote 4.0.3-r6 3.9.7-r1 4.0.3-r6

libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.

Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition.

There is no known workaround at this time.

All libTIFF 4.* users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.3-r6"

All libTIFF 3.* users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.7-r1:3"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

CVE-2012-4447 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4244 pinkbyte pinkbyte