PublicDateAtUSN: 2012-10-28
Candidate: CVE-2012-4447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447
http://www.openwall.com/lists/oss-security/2012/09/25/9
https://usn.ubuntu.com/usn/usn-1631-1
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows
remote attackers to cause a denial of service (application crash) and
possibly execute arbitrary code via a crafted TIFF image using the PixarLog
mdeslaur> as of 2012-10-05, patch may be incomplete. See oss-security
mdeslaur> incomplete fix in 4.0.2
https://bugzilla.redhat.com/show_bug.cgi?id=860198
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688944
patch: https://bugzilla.redhat.com/attachment.cgi?id=616925&action=diff&context=patch&collapsed=&headers=1&format=raw
upstream_tiff: released (4.0.2-4)
hardy_tiff: released (3.8.2-7ubuntu3.14)
lucid_tiff: released (3.9.2-2ubuntu0.11)
natty_tiff: ignored (reached end-of-life)
oneiric_tiff: released (3.9.5-1ubuntu1.4)
precise_tiff: released (3.9.5-2ubuntu1.3)
quantal_tiff: released (4.0.2-1ubuntu2.1)
raring_tiff: not-affected (4.0.2-4ubuntu1)
saucy_tiff: not-affected (4.0.2-4ubuntu1)
trusty_tiff: not-affected (4.0.2-4ubuntu1)
devel_tiff: not-affected (4.0.2-4ubuntu1)
patch: https://bugzilla.redhat.com/attachment.cgi?id=616925&action=diff&context=patch&collapsed=&headers=1&format=raw
vendor: http://www.debian.org/security/2012/dsa-2561
upstream_tiff3: needs-triage
quantal_tiff3: ignored (reached end-of-life)
raring_tiff3: ignored (reached end-of-life)
saucy_tiff3: ignored (reached end-of-life)