USN-1120-1: tiff vulnerability

Publication date

21 April 2011

Overview

The TIFF library could be made to run programs as your login if it opened a specially crafted file.


Packages

  • tiff - TIFF manipulation and conversion tools

Details

It was discovered that the TIFF library incorrectly handled certain JPEG
data. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could execute arbitrary code with
user privileges, or crash the application, leading to a denial of service.

It was discovered that the TIFF library incorrectly handled certain JPEG
data. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could execute arbitrary code with
user privileges, or crash the application, leading to a denial of service.

Update instructions

After a standard system update you need to restart your session to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
10.10 maverick libtiff4 –  3.9.4-2ubuntu0.4
10.04 lucid libtiff4 –  3.9.2-2ubuntu0.7

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›