Red Hat Inc. Information for VU#539110

LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine

Status

Affected

Vendor Statement

This flaw was fixed as part of the update for CVE name CAN-2004-0886. Updates are available for Red Hat Enterprise Linux 3 and 2.1 to correct this issue. New libtiff packages along with our advisory are available at the URL below and by using the Red Hat Network 'up2date' tool.

http://rhn.redhat.com/errata/RHSA-2004-577.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.