Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:0392
The remote host is missing updates announced in
advisory RHSA-2011:0392.

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF files encoded with a 4-bit run-length encoding scheme from
ThunderScan. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167)

This update also fixes the following bug:

* The RHSA-2011:0318 libtiff update introduced a regression that prevented
certain TIFF Internet Fax image files, compressed with the CCITT Group 4
compression algorithm, from being read. (BZ#688825)

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1167
BugTraq ID: 46951
Bugtraq: 20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability (Google Search)
Debian Security Information: DSA-2210 (Google Search)
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
XForce ISS Database: libtiff-thundercode-decoder-bo(66247)
Common Vulnerability Exposure (CVE) ID: CVE-2011-0192
BugTraq ID: 46658
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
CopyrightCopyright (c) 2011 E-Soft Inc.

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.