Ubuntu 4.10 / 5.04 : tiff vulnerability (USN-156-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the 'YCbCr subsampling' value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.
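The validation the description says was missing can be done before any decoding starts. The following is an added example, not libtiff's code or part of the Nessus plugin: the function names are hypothetical, the sample image is constructed, and the permitted factors (1, 2 or 4) are taken from the TIFF 6.0 specification rather than from this notice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TAG_YCBCR_SUBSAMPLING 530 /* TIFF 6.0: type SHORT (3), count 2 */

static uint16_t rd16(const uint8_t *p, int be) {
    return be ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)rd16(p, 1) << 16 | rd16(p + 2, 1)
              : (uint32_t)rd16(p + 2, 0) << 16 | rd16(p, 0);
}
/* TIFF 6.0 allows only 1, 2 or 4; zero is the value the advisory describes. */
static int valid_factor(uint16_t f) { return f == 1 || f == 2 || f == 4; }

/* 0 = acceptable or tag absent, 1 = invalid subsampling, -1 = malformed file */
int check_ycbcr_subsampling(const uint8_t *buf, size_t len) {
    int be;
    if (len < 8) return -1;
    if (buf[0] == 'I' && buf[1] == 'I') be = 0;
    else if (buf[0] == 'M' && buf[1] == 'M') be = 1;
    else return -1;
    if (rd16(buf + 2, be) != 42) return -1;
    uint32_t ifd = rd32(buf + 4, be);
    if (ifd > len - 2) return -1;               /* entry count must be in bounds */
    uint16_t n = rd16(buf + ifd, be);
    if ((size_t)n * 12 > len - ifd - 2) return -1;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        if (rd16(e, be) != TAG_YCBCR_SUBSAMPLING) continue;
        if (rd16(e + 2, be) != 3 || rd32(e + 4, be) != 2) return -1;
        return valid_factor(rd16(e + 8, be)) && valid_factor(rd16(e + 10, be)) ? 0 : 1;
    }
    return 0;
}

/* Constructed sample: little-endian TIFF with one IFD entry (26 bytes). */
size_t make_sample(uint8_t *out, uint8_t h, uint8_t v) {
    const uint8_t t[26] = {'I','I',42,0, 8,0,0,0, 1,0,
                           0x12,0x02, 3,0, 2,0,0,0, h,0, v,0, 0,0,0,0};
    memcpy(out, t, sizeof t);
    return sizeof t;
}

int main(void) {
    uint8_t img[26];
    printf("zero factor -> %d\n", check_ycbcr_subsampling(img, make_sample(img, 0, 2)));
    printf("2x2 -> %d\n", check_ycbcr_subsampling(img, make_sample(img, 2, 2)));
    return 0;
}
```

A service that accepts untrusted images can run a check like this ahead of the decoder and reject the file on any non-zero result.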

Solution :

Update the affected libtiff-tools, libtiff4 and / or libtiff4-dev
packages.

Risk factor :

High

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20559

Bugtraq ID:

CVE ID: