From Secunia security advisory at $URL:
Description
A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "tiff2pdf" utility when parsing images and can be exploited to cause a buffer overflow via a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into converting a malicious image. The vulnerability is reported in versions prior to 4.0.2.
Solution
Update to version 4.0.2.
Test and stabilize: =media-libs/tiff-4.0.2
x86 stable
Stable for HPPA.
amd64 stable
alpha/arm/ia64/m68k/s390/sh/sparc stable
ppc done
@graphics, Steve: this issue appears to affect all versions of libtiff and there is also another issue only affecting 3.x [1]. Are there any plans for 3.x? Thanks.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=810551#c14
CVE-2012-2113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2113): Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
CVE-2012-2088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2088): Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
ppc64 stable, all arches done
Thanks, everyone. Added to existing GLSA draft.
This issue was resolved and addressed in GLSA 201209-02 at http://security.gentoo.org/glsa/glsa-201209-02.xml by GLSA coordinator Sean Amoss (ackle).