Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_5581_denial_of)
Medium Nessus Plugin ID 80683
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
SolutionUpgrade to Solaris 126.96.36.199.0.