Fedora 14 : mingw32-libtiff-3.9.5-1.fc14 (2011-5962)

Medium Nessus Plugin ID 53635


The remote Fedora host is missing a security update.


Update MinGW Windows cross-compiled libtiff to 3.9.5, incorporating most of our previous patches.

Includes a fix for CVE-2011-1167: A flaw was reported in libtiff's thunder decoder. The thunder decoder assumes 4bits per pixel, but if a file has bitpersample set to a smaller value, or defaulted (1) then the allocated strip buffer will be too small, and a heap-based buffer overlow may occur. This could be used to crash an application linked to libtiff, or execute arbitrary code with the privileges of the application opening a malicious TIFF file.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected mingw32-libtiff package.

See Also



Plugin Details

Severity: Medium

ID: 53635

File Name: fedora_2011-5962.nasl

Version: $Revision: 1.8 $

Type: local

Agent: unix

Published: 2011/05/04

Modified: 2016/05/11

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mingw32-libtiff, cpe:/o:fedoraproject:fedora:14

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/04/25

Reference Information

CVE: CVE-2011-1167

BID: 46951

OSVDB: 71256

FEDORA: 2011-5962