tiff2pdf buffer overflow A buffer overflow flaw has been found in tiff2pdf. Thomas Biege told vendor-sec about this (it came from a colleague of his) The code in question is as such: char buffer[5]; ... sprintf(buffer, "\\%.3o", pdfstr[i]); pdfstr[i] is signed char, therefore would write \37777777741
Fixed since libtiff-3.8.2-6.fc6
libtiff-3.8.2-1.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
moving to security response product -- should we decide to fix this in a future update we'll create the appropriate tracking bugs with flags for rhel4.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0848.html