libtiff is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.
blackberry.com/btsc/KB27244
lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html
lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
secunia.com/advisories/43585
secunia.com/advisories/43593
secunia.com/advisories/43664
secunia.com/advisories/43934
secunia.com/advisories/44117
secunia.com/advisories/44135
secunia.com/advisories/50726
security.gentoo.org/glsa/glsa-201209-02.xml
slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
support.apple.com/kb/HT4554
support.apple.com/kb/HT4564
support.apple.com/kb/HT4565
support.apple.com/kb/HT4566
support.apple.com/kb/HT4581
support.apple.com/kb/HT4999
support.apple.com/kb/HT5001
www.debian.org/security/2011/dsa-2210
www.mandriva.com/security/advisories?name=MDVSA-2011:043
www.redhat.com/support/errata/RHSA-2011-0318.html
www.securityfocus.com/bid/46658
www.securitytracker.com/id?1025153
www.vupen.com/english/advisories/2011/0551
www.vupen.com/english/advisories/2011/0599
www.vupen.com/english/advisories/2011/0621
www.vupen.com/english/advisories/2011/0845
www.vupen.com/english/advisories/2011/0905
www.vupen.com/english/advisories/2011/0930
www.vupen.com/english/advisories/2011/0960
access.redhat.com/errata/RHSA-2011:0318
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=678635