This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker
could create a carefully crafted LZW-encoded TIFF file that would
cause an application linked with libtiff to crash or, possibly,
execute arbitrary code. (CVE-2008-2327)
SL4: A buffer overflow flaw was discovered in the tiff2pdf conversion
program distributed with libtiff. An attacker could create a TIFF file
containing UTF-8 characters that would, when converted to PDF format,
cause tiff2pdf to crash, or, possibly, execute arbitrary code.
SL4 & SL5: Additionally, these updated packages fix the following
- the libtiff packages included manual pages for the
sgi2tiff and tiffsv commands, which are not included in
these packages. These extraneous manual pages were
See also :
Update the affected libtiff and / or libtiff-devel packages.
Risk factor :
High / CVSS Base Score : 7.5