PT-2011-1183 · Libtiff+2
Published 2011-03-03 · Updated 2024-06-15
CVE-2011-0192 · CVSS v2.0 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
LibTIFF 3.9.4; the upstream record lists LibTIFF 3.5.7 and the 3.9.x series before 3.9.5 as affected, with 3.9.5 as the first fixed release
tiff package (distribution builds) prior to 4.0.2-r1
Description
The issue is a buffer overflow in the CCITT Group 4 (T.6) decoder, Fax4Decode. The 2-D decoding loop in the EXPAND2D macro (libtiff/tif_fax3.h) appends the changing elements of each decoded row to a run-length array whose size is fixed from the image width; a crafted file whose coded data yields more transitions than that array can hold makes the macro write past its end. The decoder is selected by the Compression tag (259), so any TIFF with Compression = 4 reaches this code path, not only "Internet Fax" (TIFF-F) files. A remote attacker who gets such a file decoded by an application or service that accepts untrusted TIFFs can crash it (denial of service) or potentially execute arbitrary code with its privileges; no authentication is needed, but a user or an automated pipeline has to process the file (AC:M). Distribution advisories for the tiff package bundle this CVE with other libtiff fixes of the same period; taken together they affect the confidentiality, integrity, and availability of data handled by the vulnerable process and are remotely exploitable.
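The overrun described above is easiest to see in a reduced model of the run-array write pattern. The block below is an added illustration, not libtiff's code: it models only horizontal mode (two run lengths per code), assumes a capacity rule of width + 3 entries for the row's run array (libtiff sizes its array from the row width with some slack; the exact formula is not what matters), and keeps the overrun inside a larger backing buffer so it is observable without undefined behaviour. The point it shows is that a loop bounded only by the row position a0 does not bound the number of stores, because zero-length runs never advance a0; the hardened variant checks the write index against the capacity before every store, which is the class of check the fixed release adds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of 2-D fax decoding (not libtiff's code). A horizontal-mode code
   carries two run lengths (white, black); each becomes one changing element
   in the current row's run array. Only horizontal mode is modelled. */
typedef struct { uint32_t white; uint32_t black; } hmode_code;

enum { RUNS_OVERRUN = -1, RUNS_BAD_LENGTH = -2 };

/* Assumed capacity rule for this model: width + 3 entries per row. */
size_t run_capacity(uint32_t width) { return (size_t)width + 3; }

/* Pre-fix pattern: every decoded run is appended with "*pa++ = run" and the
   only loop condition is the row position a0. Zero-length runs never advance
   a0, so the number of stores is bounded by the input, not by the array. */
int fill_runs_unchecked(const hmode_code *codes, size_t ncodes,
                        uint32_t width, uint32_t *runs)
{
    uint32_t a0 = 0;
    size_t i = 0;
    for (size_t k = 0; k < ncodes && a0 < width; k++) {
        runs[i++] = codes[k].white; a0 += codes[k].white;
        runs[i++] = codes[k].black; a0 += codes[k].black;
    }
    return (int)i;
}

/* Hardened pattern: compare the write index with the capacity before every
   store and reject runs that would carry a0 past the row width. Returns the
   number of runs stored, or a negative error code. */
int fill_runs_checked(const hmode_code *codes, size_t ncodes,
                      uint32_t width, uint32_t *runs, size_t cap)
{
    uint32_t a0 = 0;
    size_t i = 0;
    for (size_t k = 0; k < ncodes && a0 < width; k++) {
        uint32_t pair[2] = { codes[k].white, codes[k].black };
        for (int j = 0; j < 2; j++) {
            if (i >= cap) return RUNS_OVERRUN;
            if (pair[j] > width - a0) return RUNS_BAD_LENGTH; /* a0 <= width, no wrap */
            runs[i++] = pair[j];
            a0 += pair[j];
        }
    }
    return (int)i;
}

#define CANARY 0xAAAAAAAAu
enum { WIDTH = 8, NCODES = 8, BACKING = 64 };

/* Constructed hostile stream: eight horizontal codes, all zero-length runs. */
static void hostile_stream(hmode_code *out)
{
    for (size_t k = 0; k < NCODES; k++) { out[k].white = 0; out[k].black = 0; }
}

/* 1 if the unchecked writer stored past the row's logical capacity (the
   backing array is larger than cap, so the overrun lands in the canary area). */
int demo_unchecked_overruns(void)
{
    uint32_t backing[BACKING];
    hmode_code codes[NCODES];
    size_t cap = run_capacity(WIDTH);                        /* 11 */
    hostile_stream(codes);
    for (size_t i = 0; i < BACKING; i++) backing[i] = CANARY;
    int written = fill_runs_unchecked(codes, NCODES, WIDTH, backing); /* 16 stores */
    return written > (int)cap && backing[cap] != CANARY;
}

/* 1 if the checked writer refused the same stream and left the canary intact. */
int demo_checked_refuses(void)
{
    uint32_t backing[BACKING];
    hmode_code codes[NCODES];
    size_t cap = run_capacity(WIDTH);
    hostile_stream(codes);
    for (size_t i = 0; i < BACKING; i++) backing[i] = CANARY;
    int rc = fill_runs_checked(codes, NCODES, WIDTH, backing, cap);
    return rc == RUNS_OVERRUN && backing[cap] == CANARY;
}

/* Benign row: 3 white, 2 black, 2 white, 1 black fills width 8 exactly. */
int demo_checked_accepts_valid(void)
{
    uint32_t runs[16];
    hmode_code codes[2] = { {3, 2}, {2, 1} };
    return fill_runs_checked(codes, 2, WIDTH, runs, run_capacity(WIDTH));
}

/* A single run longer than the row is rejected as a bad length. */
int demo_checked_rejects_overlong(void)
{
    uint32_t runs[16];
    hmode_code codes[1] = { {9, 0} };
    return fill_runs_checked(codes, 1, WIDTH, runs, run_capacity(WIDTH));
}

int main(void)
{
    printf("unchecked overruns: %d\n", demo_unchecked_overruns());
    printf("checked refuses:    %d\n", demo_checked_refuses());
    printf("valid row stores:   %d\n", demo_checked_accepts_valid());
    return 0;
}
```

The row-position check alone (a0 versus width) is exactly what the unchecked variant already has, and it is not sufficient; the bound that matters is on the destination pointer.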
Recommendations
For LibTIFF 3.9.4 (and any 3.9.x release before 3.9.5), upgrade to 3.9.5 or later, or to a 4.x release; where a distribution ships a backported fix, install the vendor's updated libtiff package rather than building from the old source.
For tiff package versions prior to 4.0.2-r1, update to 4.0.2-r1 or later; that build also carries the other libtiff fixes the distribution advisory bundles with this one.
As a temporary workaround until the patched library is deployed, refuse to decode untrusted TIFF files whose Compression tag (259) is 4 (CCITT T.6 / Group 4). Group 4 data is not confined to "Internet Fax" files, so filter on the tag rather than on file names or sources; the 2-D Group 3 decoder (Compression = 3 with 2-D coding) shares the EXPAND2D macro, so a cautious filter rejects that value as well. Decoding untrusted images in a sandboxed, low-privilege process limits the impact of a successful exploit in the meantime.
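One way to implement the tag-based workaround is a pre-filter that walks the IFD chain of an in-memory TIFF and refuses the file before it reaches the decoder. The block below is an added example written for this page, not libtiff's API: it parses only the TIFF header and directory entries, fails closed on anything malformed or truncated, and embeds two constructed sample files (a little-endian one with Compression = 4 and a big-endian one with Compression = 1). The `strict` flag that also rejects Compression = 3 is this example's own policy knob.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TIFFTAG_COMPRESSION   259
#define COMPRESSION_CCITTFAX3 3   /* CCITT T.4 (Group 3); 2-D mode shares EXPAND2D */
#define COMPRESSION_CCITTFAX4 4   /* CCITT T.6 (Group 4): the Fax4Decode path */

enum { FAX_G3 = 1, FAX_G4 = 2 };
enum { MAX_IFDS = 64 };           /* bound on directory walk; stops looped chains */

typedef struct { const uint8_t *p; size_t n; int be; } tiffbuf;

/* Bounds-checked 16/32-bit reads honouring the file's byte order. */
static int rd16(const tiffbuf *t, size_t off, uint32_t *v)
{
    if (off > t->n || t->n - off < 2) return 0;
    *v = t->be ? ((uint32_t)t->p[off] << 8) | t->p[off + 1]
               : ((uint32_t)t->p[off + 1] << 8) | t->p[off];
    return 1;
}

static int rd32(const tiffbuf *t, size_t off, uint32_t *v)
{
    uint32_t first, second;
    if (off > t->n || t->n - off < 4) return 0;
    if (!rd16(t, off, &first) || !rd16(t, off + 2, &second)) return 0;
    *v = t->be ? (first << 16) | second : (second << 16) | first;
    return 1;
}

/* Walks every IFD. Returns -1 if the file is malformed (caller fails closed),
   otherwise a bitmask of FAX_G3 / FAX_G4 for Compression values seen in any
   directory. SHORT and LONG values are left-justified in the 4-byte field. */
int tiff_fax_flags(const uint8_t *buf, size_t len)
{
    tiffbuf t = { buf, len, 0 };
    uint32_t magic, ifd;
    int flags = 0;

    if (len < 8) return -1;
    if (buf[0] == 'I' && buf[1] == 'I')      t.be = 0;
    else if (buf[0] == 'M' && buf[1] == 'M') t.be = 1;
    else return -1;
    if (!rd16(&t, 2, &magic) || magic != 42) return -1;
    if (!rd32(&t, 4, &ifd)) return -1;

    for (int depth = 0; ifd != 0; depth++) {
        uint32_t count;
        if (depth >= MAX_IFDS) return -1;
        if (!rd16(&t, ifd, &count)) return -1;
        for (uint32_t i = 0; i < count; i++) {
            size_t e = (size_t)ifd + 2 + (size_t)i * 12;
            uint32_t tag, type, cnt, val;
            if (!rd16(&t, e, &tag) || !rd16(&t, e + 2, &type) ||
                !rd32(&t, e + 4, &cnt)) return -1;
            if (tag != TIFFTAG_COMPRESSION) continue;
            if (cnt != 1) return -1;
            if (type == 3)      { if (!rd16(&t, e + 8, &val)) return -1; }
            else if (type == 4) { if (!rd32(&t, e + 8, &val)) return -1; }
            else return -1;
            if (val == COMPRESSION_CCITTFAX4) flags |= FAX_G4;
            if (val == COMPRESSION_CCITTFAX3) flags |= FAX_G3;
        }
        if (!rd32(&t, (size_t)ifd + 2 + (size_t)count * 12, &ifd)) return -1;
    }
    return flags;
}

/* Pre-filter for untrusted input: 1 = hand to the decoder, 0 = refuse.
   Group 4 is always refused; Group 3 is refused as well when strict is set. */
int tiff_allow_untrusted(const uint8_t *buf, size_t len, int strict)
{
    int f = tiff_fax_flags(buf, len);
    if (f < 0) return 0;
    if (f & FAX_G4) return 0;
    if (strict && (f & FAX_G3)) return 0;
    return 1;
}

/* Constructed samples (not real files): a header plus one IFD each. */
const uint8_t sample_g4_le[] = {
    'I','I', 0x2A,0x00, 0x08,0x00,0x00,0x00,     /* LE, magic 42, IFD at 8 */
    0x01,0x00,                                  /* one entry */
    0x03,0x01, 0x03,0x00, 0x01,0x00,0x00,0x00,  /* tag 259, SHORT, count 1 */
    0x04,0x00,0x00,0x00,                        /* Compression = 4 (T.6) */
    0x00,0x00,0x00,0x00                         /* no next IFD */
};
const uint8_t sample_none_be[] = {
    'M','M', 0x00,0x2A, 0x00,0x00,0x00,0x08,
    0x00,0x01,
    0x01,0x03, 0x00,0x03, 0x00,0x00,0x00,0x01,
    0x00,0x01,0x00,0x00,                        /* Compression = 1 (none) */
    0x00,0x00,0x00,0x00
};

int main(void)
{
    printf("group4 sample allowed: %d\n",
           tiff_allow_untrusted(sample_g4_le, sizeof sample_g4_le, 0));
    printf("uncompressed sample allowed: %d\n",
           tiff_allow_untrusted(sample_none_be, sizeof sample_none_be, 1));
    return 0;
}
```

The filter inspects every directory, not just the first, because a multi-page file can carry Group 4 data in a later IFD; a truncated or looped directory chain is treated as hostile rather than passed through.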
Fix · DoS · RCE · Buffer Overflow
Affected Products
Libtiff
Red Hat
Tiff