USN-156-1: TIFF vulnerability
29 July 2005
TIFF vulnerability
Releases
Details
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.04
-
libtiff4
-
Ubuntu 4.10
-
libtiff4
-
In general, a standard system update will make all the necessary changes.