Nitrous

Name of the Vulnerable Software and Affected Versions: libtiff versions 3.8.2 and earlier tiff package versions prior to 3.8.2-r1 Description: A stack-based buffer overflow in the tiffsplit command could allow attackers to execute arbitrary code via a long filename. The issue might not be significant if there is no common scenario under which tiffsplit is called with attacker-controlled command line arguments. Multiple vulnerabilities in the tiff package may lead to disruption of confidentiality, integrity, and availability of protected information, and exploitation can be done remotely. Recommendations: For libtiff versions 3.8.2 and earlier, consider updating to a version later than 3.8.2 to resolve the issue. For tiff package versions prior to 3.8.2-r1, update to version 3.8.2-r1 or later to fix the vulnerabilities. As a temporary workaround, consider restricting the use of the tiffsplit command until a patch is available. Avoid using long filenames when calling the tiffsplit command to minimize the risk of exploitation.