NetBSD Information for VU#125598
LibTIFF vulnerable to integer overflow via corrupted directory entry count
- Vendor Information Help Date Notified: 11 Jan 2005
- Statement Date:
- Date Updated: 13 Jan 2005
NetBSD does not include libtiff in the Operating System release.
It is available as a third-party package in the pkgsrc system, and was updated to 3.7.1 when the release first became public. A number of graphical programs and desktop environments in pkgsrc depend on libtiff, and so it may well have been installed as part of building another package.
Known vulnerabilities in third-party pkgsrc packages are published in the pkg-vulnerabilities database. NetBSD recommends that users check installed packages against this database regularly using the tools in the security/audit-packages package.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.