Mandrake Linux Security Advisory : libtiff (MDKSA-2006:042)

Severity: High, Nessus Plugin ID: 20941


The remote Mandrake Linux host is missing one or more security updates.


Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.

The updated packages have been patched to correct this issue.


Update the affected packages.

Plugin Details

Severity: High

ID: 20941

File Name: mandrake_MDKSA-2006-042.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2006/02/19

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64tiff3, p-cpe:/a:mandriva:linux:lib64tiff3-devel, p-cpe:/a:mandriva:linux:lib64tiff3-static-devel, p-cpe:/a:mandriva:linux:libtiff-progs, p-cpe:/a:mandriva:linux:libtiff3, p-cpe:/a:mandriva:linux:libtiff3-devel, p-cpe:/a:mandriva:linux:libtiff3-static-devel, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2006/02/17

Reference Information

CVE: CVE-2005-1544

MDKSA: 2006:042