Vulnerabilities > CVE-2011-1167 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE9_12702.NASL description The following bugs have been fixed : - Specially crafted tiff files could cause a heap-based buffer overflow in the thunder-decoder. (CVE-2011-1167) - Directories with a large number of files could cause an integer overflow in the tiffdump tool. (CVE-2010-4665) last seen 2020-06-01 modified 2020-06-02 plugin id 53585 published 2011-04-29 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53585 title SuSE9 Security Update : libtiff (YOU Patch Number 12702) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBTIFF-DEVEL-110415.NASL description The following bugs have been fixed : - Specially crafted tiff files could cause a heap-based buffer overflow in the thunder-decoder. (CVE-2011-1167) - Directories with a large number of files could cause an integer overflow in the tiffdump tool (CVE-2010-4665) last seen 2020-06-01 modified 2020-06-02 plugin id 53588 published 2011-04-29 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53588 title SuSE 11.1 Security Update : libtiff (SAT Patch Number 4397) NASL family SuSE Local Security Checks NASL id SUSE_11_4_LIBTIFF-DEVEL-110415.NASL description Specially crafted tiff files could cause a heap-based buffer overflow in the thunder- and ojpeg-decoders (CVE-2011-1167, CVE-2009-5022). Directories with a large number of files could cause an integer overflow in the tiffdump tool (CVE-2010-4665) last seen 2020-06-01 modified 2020-06-02 plugin id 75926 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75926 title openSUSE Security Update : libtiff-devel (openSUSE-SU-2011:0405-1) NASL family Windows NASL id BLACKBERRY_ES_PNG_KB27244.NASL description The version of BlackBerry Enterprise Server on the remote host reportedly contains multiple remote code execution vulnerabilities in its image processing library : - An unspecified error within the BlackBerry MDS Connection Service when processing PNG and TIFF images on a web page being viewed on a BlackBerry smartphone. - An unspecified error within the BlackBerry Messaging Agent when processing embedded PNG and TIFF images in an email sent to a BlackBerry smartphone. When the image processing library is used on a specially crafted PNG or TIFF image, an attacker may be able to execute arbitrary code in the context of the BlackBerry Enterprise Server login account. last seen 2020-06-01 modified 2020-06-02 plugin id 55819 published 2011-08-11 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55819 title BlackBerry Enterprise Server PNG and TIFF Image Processing Vulnerabilities (KB27244) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0392.NASL description Updated libtiff packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167) This update also fixes the following bug : * The RHSA-2011:0318 libtiff update introduced a regression that prevented certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm, from being read. (BZ#688825) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 53206 published 2011-03-29 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53206 title RHEL 4 / 5 / 6 : libtiff (RHSA-2011:0392) NASL family Scientific Linux Local Security Checks NASL id SL_20110329_LIBTIFF_ON_SL4_X.NASL description A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167) This update also fixes the following bug : - A prior libtiff update introduced a regression that prevented certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm, from being read. (BZ#688825) last seen 2020-06-01 modified 2020-06-02 plugin id 60999 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60999 title Scientific Linux Security Update : libtiff on SL4.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_LIBTIFF-7474.NASL description The following bugs have been fixed : - Specially crafted files could cause a heap-based buffer overflows in the JPEG, Fax and Thunder decoders. (CVE-2011-0191 / CVE-2011-0192 / CVE-2011-1167) - Directories with a large number of files could cause an integer overflow in the tiffdump tool. (CVE-2010-4665) last seen 2020-06-01 modified 2020-06-02 plugin id 57221 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57221 title SuSE 10 Security Update : libtiff (ZYPP Patch Number 7474) NASL family Gain a shell remotely NASL id APPLETV_5_1.NASL description According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 62357 published 2012-09-27 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62357 title Apple TV < 5.1 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_LIBTIFF-7473.NASL description The following bugs have been fixed : - Specially crafted tiff files could cause a heap-based buffer overflow in the thunder-decoder. (CVE-2011-1167) - Directories with a large number of files could cause an integer overflow in the tiffdump tool. (CVE-2010-4665) last seen 2020-06-01 modified 2020-06-02 plugin id 53591 published 2011-04-29 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53591 title SuSE 10 Security Update : libtiff (ZYPP Patch Number 7473) NASL family Fedora Local Security Checks NASL id FEDORA_2011-5962.NASL description Update MinGW Windows cross-compiled libtiff to 3.9.5, incorporating most of our previous patches. Includes a fix for CVE-2011-1167: A flaw was reported in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 53635 published 2011-05-04 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53635 title Fedora 14 : mingw32-libtiff-3.9.5-1.fc14 (2011-5962) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0392.NASL description Updated libtiff packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167) This update also fixes the following bug : * The RHSA-2011:0318 libtiff update introduced a regression that prevented certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm, from being read. (BZ#688825) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 53239 published 2011-04-01 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53239 title CentOS 4 / 5 : libtiff (CESA-2011:0392) NASL family Fedora Local Security Checks NASL id FEDORA_2011-3836.NASL description Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53345 published 2011-04-11 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53345 title Fedora 14 : libtiff-3.9.4-4.fc14 (2011-3836) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1102-1.NASL description Martin Barbella discovered that the thunder (aka ThunderScan) decoder in the TIFF library incorrectly handled an unexpected BitsPerSample value. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53294 published 2011-04-05 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53294 title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : tiff vulnerability (USN-1102-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-3827.NASL description Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53364 published 2011-04-12 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53364 title Fedora 13 : libtiff-3.9.4-4.fc13 (2011-3827) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2011-098-01.NASL description New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53362 published 2011-04-12 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53362 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.0 / 9.1 / current : libtiff (SSA:2011-098-01) NASL family Fedora Local Security Checks NASL id FEDORA_2011-5336.NASL description Update to libtiff 3.9.5, incorporating all our previous patches plus other fixes, notably the fix for CVE-2009-5022 Fix incorrect fix for CVE-2011-0192 Add fix for CVE-2011-1167 Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53560 published 2011-04-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53560 title Fedora 15 : libtiff-3.9.5-1.fc15 (2011-5336) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0392.NASL description From Red Hat Security Advisory 2011:0392 : Updated libtiff packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167) This update also fixes the following bug : * The RHSA-2011:0318 libtiff update introduced a regression that prevented certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm, from being read. (BZ#688825) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68239 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68239 title Oracle Linux 4 / 5 / 6 : libtiff (ELSA-2011-0392) NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_3.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 57797 published 2012-02-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57797 title Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBTIFF-DEVEL-110415.NASL description Specially crafted tiff files could cause a heap-based buffer overflow in the thunder- and ojpeg-decoders (CVE-2011-1167, CVE-2009-5022). Directories with a large number of files could cause an integer overflow in the tiffdump tool (CVE-2010-4665) last seen 2020-06-01 modified 2020-06-02 plugin id 75621 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75621 title openSUSE Security Update : libtiff-devel (openSUSE-SU-2011:0405-1) NASL family Scientific Linux Local Security Checks NASL id SL_20110329_LIBTIFF_ON_SL5_X.NASL description A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167) This update also fixes the following bug : - A prior libtiff update introduced a regression that prevented certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm, from being read. (BZ#688825) last seen 2020-06-01 modified 2020-06-02 plugin id 61000 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61000 title Scientific Linux Security Update : libtiff on SL5.x i386/x86_64 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2210.NASL description Several vulnerabilities were discovered in the TIFF manipulation and conversion library : - CVE-2011-0191 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. This issue affects the Debian 5.0 Lenny package only. - CVE-2011-0192 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding. - CVE-2011-1167 Heap-based buffer overflow in the thunder (aka ThunderScan) decoder allows to execute arbitrary code via a TIFF file that has an unexpected BitsPerSample value. last seen 2020-03-17 modified 2011-04-04 plugin id 53260 published 2011-04-04 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53260 title Debian DSA-2210-1 : tiff - several vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2012-002.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components : - curl - Directory Service - ImageIO - libarchive - libsecurity - libxml - Quartz Composer - QuickTime - Ruby - Samba - Security Framework last seen 2020-06-01 modified 2020-06-02 plugin id 59067 published 2012-05-10 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59067 title Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIBTIFF-DEVEL-110415.NASL description Specially crafted tiff files could cause a heap-based buffer overflow in the thunder-decoder (CVE-2011-1167). Directories with a large number of files could cause an integer overflow in the tiffdump tool (CVE-2010-4665) last seen 2020-06-01 modified 2020-06-02 plugin id 53761 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53761 title openSUSE Security Update : libtiff-devel (openSUSE-SU-2011:0409-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201209-02.NASL description The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 62235 published 2012-09-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62235 title GLSA-201209-02 : libTIFF: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2011-5991.NASL description Update MinGW Windows cross-compiled libtiff to 3.9.5, incorporating most of our previous patches. Includes a fix for CVE-2011-1167: A flaw was reported in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 53612 published 2011-05-02 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53612 title Fedora 15 : mingw32-libtiff-3.9.5-1.fc15 (2011-5991) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-064.NASL description Multiple vulnerabilities were discovered and corrected in libtiff : Buffer overflow in LibTIFF allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding (CVE-2011-0191). Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value (CVE-2011-1167). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 53290 published 2011-04-05 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53290 title Mandriva Linux Security Advisory : libtiff (MDVSA-2011:064) NASL family Fedora Local Security Checks NASL id FEDORA_2011-5955.NASL description Update MinGW Windows cross-compiled libtiff to 3.9.5, incorporating most of our previous patches. Includes a fix for CVE-2011-1167: A flaw was reported in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 53634 published 2011-05-04 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53634 title Fedora 13 : mingw32-libtiff-3.9.5-1.fc13 (2011-5955)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=684939
- http://www.zerodayinitiative.com/advisories/ZDI-11-107
- http://www.osvdb.org/71256
- http://www.securityfocus.com/bid/46951
- http://bugzilla.maptools.org/show_bug.cgi?id=2300
- http://www.vupen.com/english/advisories/2011/0795
- http://www.redhat.com/support/errata/RHSA-2011-0392.html
- http://secunia.com/advisories/43900
- http://www.vupen.com/english/advisories/2011/0860
- http://ubuntu.com/usn/usn-1102-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
- http://www.vupen.com/english/advisories/2011/0845
- http://www.vupen.com/english/advisories/2011/0859
- http://secunia.com/advisories/43934
- http://www.debian.org/security/2011/dsa-2210
- http://www.vupen.com/english/advisories/2011/0930
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
- http://www.vupen.com/english/advisories/2011/0905
- http://www.vupen.com/english/advisories/2011/0960
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
- http://secunia.com/advisories/44135
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
- http://secunia.com/advisories/44117
- http://blackberry.com/btsc/KB27244
- http://secunia.com/advisories/43974
- http://www.securitytracker.com/id?1025257
- http://securityreason.com/securityalert/8165
- http://support.apple.com/kb/HT5130
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://support.apple.com/kb/HT5281
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
- http://support.apple.com/kb/HT5503
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://secunia.com/advisories/50726
- http://security.gentoo.org/glsa/glsa-201209-02.xml
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66247
- http://www.securityfocus.com/archive/1/517101/100/0/threaded