USN-156-1: TIFF vulnerability

29 July 2005

tiff vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the “YCbCr subsampling” value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which caused the program that uses the TIFF library to crash. This leads to a Denial of Service in server applications that use libtiff (like the CUPS printing system) and can cause data loss in, for example, the Evolution email client.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
libtiff4
Ubuntu 4.10
libtiff4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References