USN-46-1: TIFF library vulnerability

22 December 2004

tiff vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

A buffer overflow was discovered in the TIFF library. A TIFF file includes a value indicating the number of “directory entry” header fields contained in the file. If this value is -1, an invalid memory allocation was performed. A malicious image could be constructed which, when decoded, would have resulted in execution of arbitrary code with the privileges of the process using the library.

Since this library is used in many applications like “ghostscript” and the “CUPS” printing system, this vulnerability may lead to remotely induced privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
libtiff4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References