Test ID:	1.3.6.1.4.1.25623.1.0.72147
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2012:127 (libtiff)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libtiff announced via advisory MDVSA-2012:127. A vulnerability was found and corrected in libtiff: A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf (application requesting the conversion) as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary (CVE-2012-3401). The updated packages have been patched to correct this issue. Affected: 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:127 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3401 49938 http://secunia.com/advisories/49938 50007 http://secunia.com/advisories/50007 50726 http://secunia.com/advisories/50726 54601 http://www.securityfocus.com/bid/54601 84090 http://osvdb.org/84090 DSA-2552 http://www.debian.org/security/2012/dsa-2552 GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:127 http://www.mandriva.com/security/advisories?name=MDVSA-2012:127 RHSA-2012:1590 http://rhn.redhat.com/errata/RHSA-2012-1590.html USN-1511-1 http://www.ubuntu.com/usn/USN-1511-1 [oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer http://www.openwall.com/lists/oss-security/2012/07/19/4 [oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer http://www.openwall.com/lists/oss-security/2012/07/19/1 http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://bugzilla.redhat.com/attachment.cgi?id=596457 https://bugzilla.redhat.com/show_bug.cgi?id=837577 libtiff-t2preadtiffinit-bo(77088) https://exchange.xforce.ibmcloud.com/vulnerabilities/77088 openSUSE-SU-2012:0955 http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.