This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities were found and corrected in libtiff:
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3
allows remote attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a crafted TIFF image
using the PixarLog Compression format (CVE-2012-4447).
ppm2tiff does not check the return value of the TIFFScanlineSize
function, which allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted PPM image
that triggers an integer overflow, a zero-memory allocation, and a
heap-based buffer overflow (CVE-2012-4564).
The updated packages have been patched to correct these issues.
Update the affected packages.
Risk factor: Medium / CVSS Base Score: 6.8
CVSS Temporal Score: 5.9
Public Exploit Available: false