Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 12.04 ESM: USN-3212-4 Moderate: LibTIFF DoS Risk

ubuntu
Calendar Grey August 7, 2017
Dist Ubuntu Esm H88
LibTIFF security flaws can result in system instability or execute arbitrary code when handling manipulated images. Urgent update necessary for Ubuntu 12.04 ESM.
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

LibTIFF could be made to crash or run programs as your login if it

opened a specially crafted file.

Software Description:

- tiff: Tag Image File Format (TIFF) library

Details:

USN-3212-1 fixed several issues in LibTIFF. This update

provides a subset of corresponding update for Ubuntu 12.04 ESM.

Mei Wang discovered a multiple integer overflows in LibTIFF which

allows remote attackers to cause a denial of service (crash) or

execute arbitrary code via a crafted TIFF image, which triggers

an out-of-bounds write. (CVE-2016-3945)

It was discovered that LibTIFF is vulnerable to a heap buffer

overflow in the resulting in DoS or code execution

via a crafted BitsPerSample value. (CVE-2017-5225)

Original advisory details:

 It was discovered that LibTIFF incorrectly handled certain malformed

 images. If a user or automated system were tricked into opening a

 specially crafted image, a remote attacker could crash the

 application, leading to a denial of serv...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  libtiff-tools                   3.9.5-2ubuntu1.11
  libtiff4                        3.9.5-2ubuntu1.11

In general, a standard system update will make all the necessary
changes.

References

 

 

  CVE-2016-3945, CVE-2017-5225

Severity
important
Lowest
Low
Medium
High
Critical

August 07, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here