Red Hat Inc. Information for VU#125598

LibTIFF vulnerable to integer overflow via corrupted directory entry count

Status

Affected

Vendor Statement

Red Hat Enterprise Linux ships with a LibTIFF package vulnerable to this issues. New LibTiff packages are now available along with our advisory at the URLs below and by using the Red Hat Network 'up2date' tool.

Red Hat Enterprise Linux (2.1 3):

http://rhn.redhat.com/errata/RHSA-2005-019.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.