How to Buy
This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker
could create a carefully crafted LZW-encoded TIFF file that would
cause an application linked with libtiff to crash or, possibly,
execute arbitrary code. (CVE-2008-2327)
SL4: A buffer overflow flaw was discovered in the tiff2pdf conversion
program distributed with libtiff. An attacker could create a TIFF file
containing UTF-8 characters that would, when converted to PDF format,
cause tiff2pdf to crash, or, possibly, execute arbitrary code.
SL5: Additionally, these updated packages fix the following
- the libtiff packages included manual pages for the
sgi2tiff and tiffsv commands, which are not included in
these packages. These extraneous manual pages were
See also :
Update the affected libtiff and / or libtiff-devel packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60471 ()
CVE ID: CVE-2006-2193CVE-2008-2327
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.