CVE-2013-4244 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4244): The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. Patch available at http://bugzilla.maptools.org/show_bug.cgi?id=2452
Fixed in -r6, please test and stabilize:
=media-libs/tiff-4.0.3-r6 (every stable arch)
=media-libs/tiff-3.9.7-r1 (amd64 and x86 only, special SLOT)
Thank you.
Stable for HPPA.
amd64 stable
x86 stable
ppc stable
ppc64 stable
sparc stable
ia64 stable
arm stable
alpha stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Added to existing GLSA draft. Maintainer(s), please clean up.
Cleanup done by ssuominen.
Bug was only in 4.0.3-r6, since 3.9.7-r1 is a special SLOT that only installs the lib and doesn't involve the code of this bug.
This issue was resolved and addressed in GLSA 201402-21 at http://security.gentoo.org/glsa/glsa-201402-21.xml by GLSA coordinator Chris Reffett (creffett).