Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_1173_numeric_errors)
Medium Nessus Plugin ID 80679
Synopsis
The remote Solaris system is missing a security patch for third-party software.

Description
The remote Solaris system is missing necessary patches to address security updates:
- Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. (CVE-2012-1173)

Solution
Upgrade to Solaris 11/11 SRU 8.5.