Red Hat Inc. Information for VU#125598

LibTIFF vulnerable to integer overflow via corrupted directory entry count



Vendor Statement

Red Hat Enterprise Linux ships with a LibTIFF package vulnerable to this issues. New LibTiff packages are now available along with our advisory at the URLs below and by using the Red Hat Network 'up2date' tool.

Red Hat Enterprise Linux (2.1 3):

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.