CVE-2012-2088

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 4.0.2 tiff versions prior to 4.0.2-r1 libtiff3 versions prior to 3.9.4 libtiff-devel versions prior to 3.9.4 libtiff-x86 versions prior to 3.9.4 libtiff-32bit versions prior to 3.9.4 libtiff-64bit versions prior to 3.9.4 libtiff3-32bit versions prior to 3.9.4 libtiff3-x86 versions prior to 3.9.4 libtiff-devel-32bit versions prior to 3.9.4 libtiff-devel-64bit versions prior to 3.9.4

Description The issue is related to multiple vulnerabilities in the libtiff package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code. The vulnerabilities are caused by an integer signedness error in the TIFFReadDirectory function, which can trigger an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.

Recommendations For libtiff versions prior to 4.0.2, update to version 4.0.2 or later. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later. For libtiff3 versions prior to 3.9.4, update to version 3.9.4 or later. For libtiff-devel versions prior to 3.9.4, update to version 3.9.4 or later. For libtiff-x86 versions prior to 3.9.4, update to version 3.9.4 or later. For libtiff-32bit versions prior to 3.9.4, update to version 3.9.4 or later. For libtiff-64bit versions prior to 3.9.4, update to version 3.9.4 or later. For libtiff3-32bit versions prior to 3.9.4, update to version 3.9.4 or later. For libtiff3-x86 versions prior to 3.9.4, update to version 3.9.4 or later. For libtiff-devel-32bit versions prior to 3.9.4, update to version 3.9.4 or later. For libtiff-devel-64bit versions prior to 3.9.4, update to version 3.9.4 or later. As a temporary workaround, consider disabling the TIFFReadDirectory function until a patch is available.