Debian DSA-2256-1 : tiff - buffer overflow

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Debian host is missing a security-related update.

Description :

Tavis Ormandy discovered that the Tag Image File Format (TIFF) library
is vulnerable to a buffer overflow triggered by a crafted OJPEG file,
which allows for a crash and potentially the execution of arbitrary code.

The oldstable distribution (lenny) is not affected by this problem.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624287
http://www.debian.org/security/2011/dsa-2256

Solution :

Upgrade the tiff packages.

For the stable distribution (squeeze), this problem has been fixed in
version 3.9.4-5+squeeze2.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Debian Local Security Checks

Nessus Plugin ID: 55044

Bugtraq ID:

CVE ID: CVE-2009-5022