Packages
- tiff - TIFF manipulation and conversion tools
Details
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of service. This issue only affected Ubuntu 10.10.
(CVE-2010-2482)
Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled
invalid ReferenceBlackWhite values. If a user or automated system were
tricked...
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of service. This issue only affected Ubuntu 10.10.
(CVE-2010-2482)
Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled
invalid ReferenceBlackWhite values. If a user or automated system were
tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service.
(CVE-2010-2595)
Sauli Pahlman discovered that the TIFF library incorrectly handled certain
default fields. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598)
It was discovered that the TIFF library incorrectly validated certain
data types. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2010-2630)
It was discovered that the TIFF library incorrectly handled downsampled
JPEG data. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could execute arbitrary
code with user privileges, or crash the application, leading to a denial of
service. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2010-3087)
It was discovered that the TIFF library incorrectly handled certain JPEG
data. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could execute arbitrary code with
user privileges, or crash the application, leading to a denial of service.
This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10.
(CVE-2011-0191)
It was discovered that the TIFF library incorrectly handled certain TIFF
FAX images. If a user or automated system were tricked into opening a
specially crafted TIFF FAX image, a remote attacker could execute arbitrary
code with user privileges, or crash the application, leading to a denial of
service. (CVE-2011-0191)
Update instructions
After a standard system update you need to restart your session to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 9.10 karmic | libtiff4 – 3.8.2-13ubuntu0.4 | ||
| 8.04 hardy | libtiff4 – 3.8.2-7ubuntu3.7 | ||
| 6.06 dapper | libtiff4 – 3.7.4-1ubuntu3.9 | ||
| 10.10 maverick | libtiff4 – 3.9.4-2ubuntu0.1 | ||
| 10.04 lucid | libtiff4 – 3.9.2-2ubuntu0.4 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.