Article Source: Gentoo Linux Security Advisories
Two vulnerabilities have been reported in libTIFF:
- wololo reported a buffer underflow in the LZWDecodeCompat() function (CVE-2009-2285).
- Tielei Wang of ICST-ERCIS, Peking University reported two integer overflows leading to heap-based buffer overflows in the tiff2rgba and rgb2ycbcr tools (CVE-2009-2347).
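The second item names a common bug class: an allocation size computed in 32-bit arithmetic wraps around, so the buffer is smaller than the data later written into it. The following is an added example of that class and its fix, not libTIFF code and not taken from the advisory; the function names and the 1 GiB limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for this example: refuse rasters larger than 1 GiB. */
#define RASTER_MAX_BYTES ((uint64_t)1 << 30)

/* Unchecked pattern: the byte count for a 32-bit-per-pixel raster is
 * computed in 32-bit arithmetic and silently wraps modulo 2^32. */
uint32_t raster_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * (uint32_t)sizeof(uint32_t);
}

/* Checked pattern: widen before multiplying, then compare against a limit
 * by division so the comparison itself cannot overflow.
 * Returns 0 and stores the size on success, -1 if the image is rejected. */
int raster_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    uint64_t pixels = (uint64_t)width * height; /* fits in 64 bits */
    if (pixels == 0 || pixels > RASTER_MAX_BYTES / sizeof(uint32_t))
        return -1;
    *out = (size_t)(pixels * sizeof(uint32_t));
    return 0;
}

/* Allocate a raster only when the size calculation is known to be exact. */
uint32_t *raster_alloc(uint32_t width, uint32_t height)
{
    size_t n;
    if (raster_bytes_checked(width, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: 65537 x 65536 pixels needs about 16 GiB. */
    uint32_t w = 0x10001u, h = 0x10000u;
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)raster_bytes_unchecked(w, h));
    printf("checked result: %d\n", raster_bytes_checked(w, h, &n));
    if (raster_bytes_checked(640, 480, &n) == 0)
        printf("640x480 size:   %zu bytes\n", n);
    return 0;
}
```

With the constructed dimensions the unchecked calculation yields a small size that any per-pixel write loop would overrun, while the checked version rejects the image before allocating.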