FreeBSD : tiff -- directory entry count integer overflow vulnerability (fc7e6a42-6012-11d9-a9e7-0001020eed82)
Critical Nessus Plugin ID 19184
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionIn an iDEFENSE Security Advisory infamous41md reports :
Remote exploitation of a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code.
The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry.
A TIFF file includes a number of directory entry header fields that describe the data in the file. Included in these entries is an entry count and offset value that are calculated to determine the size and location of the data for that entry.
SolutionUpdate the affected packages.