Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2005:001: libtiff/tiff Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the libtiff/tiff package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2005:001 (libtiff/tiff).
Libtiff supports reading, writing, and manipulating of TIFF image files.
iDEFENSE reported an integer overflow in libtiff that can be exploited by
specific TIFF images to trigger a heap-based buffer overflow afterwards.
This bug can be used by external attackers to execute arbitrary code
over the network by placing special image files on web-pages and
Additionally a buffer overflow in tiffdump was fixed.
Solution : http://www.suse.de/security/advisories/2005_01_libtiff_tiff.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.