
Debian: DSA 567-1 Critical: libtiff Remote Code Execution Threat

October 15, 2004

Summary

Several problems have been discovered in libtiff, the Tag Image File
Format library for processing TIFF graphics files. An attacker could
prepare a specially crafted TIFF graphic that would cause the client
to execute arbitrary code or crash. The Common Vulnerabilities and
Exposures Project has identified the following problems:

CAN-2004-0803

Chris Evans discovered several problems in the RLE (run length
encoding) decoders that could lead to arbitrary code execution.

CAN-2004-0804

Matthias Clasen discovered a division by zero through an integer
overflow.

CAN-2004-0886

Dmitry V. Levin discovered several integer overflows that caused
malloc issues which can result in either a plain crash or memory
corruption.


For the stable distribution (woody) these problems have been fixed in
version 3.5.5-6woody1.

For the unstable distribution (sid) these problems have been fixed in
version 3.6.1-2.

We recommend that you upgrade your libtiff package.


Upgrade Instructions
--------------------

...


Severity: critical

Package: tiff
CVE ID: CAN-2004-0803 CAN-2004-0804 CAN-2004-0886
