From secunia security advisory at $URL:
A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to compromise an application using the library.
The vulnerability is caused due to an integer overflow error in the "tiff2pdf" utility when parsing images and can be exploited to cause a buffer overflow via a specially crafted TIFF image.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into converting a malicious image.
The vulnerability is reported in versions prior to 4.0.2.
Update to version 4.0.2.
Test and stabilize:
Stable for HPPA.
@graphics, Steve: this issue appears to affect all versions of libtiff and there is also another issue only affecting 3.x . Are there any plans for 3.x? Thanks.
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted tiff image, which triggers a heap-based
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c
in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via a
negative tile depth in a tiff image, which triggers an improper conversion
between signed and unsigned types, leading to a heap-based buffer overflow.
ppc64 stable, all arch's done
Added to existing GLSA draft.
This issue was resolved and addressed in
GLSA 201209-02 at http://security.gentoo.org/glsa/glsa-201209-02.xml
by GLSA coordinator Sean Amoss (ackle).