Fedora 14 : mingw32-libtiff-3.9.5-1.fc14 (2011-5962)
Medium Nessus Plugin ID 53635
SynopsisThe remote Fedora host is missing a security update.
DescriptionUpdate MinGW Windows cross-compiled libtiff to 3.9.5, incorporating most of our previous patches.
Includes a fix for CVE-2011-1167: A flaw was reported in libtiff's thunder decoder. The thunder decoder assumes 4bits per pixel, but if a file has bitpersample set to a smaller value, or defaulted (1) then the allocated strip buffer will be too small, and a heap-based buffer overlow may occur. This could be used to crash an application linked to libtiff, or execute arbitrary code with the privileges of the application opening a malicious TIFF file.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected mingw32-libtiff package.