Debian DLA-1206-1 : tiff security update
Medium Nessus Plugin ID 105194
SynopsisThe remote Debian host is missing a security update.
DescriptionIn LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.
This overflow is linked to an underlying assumption that all pages in a tiff document will have the same transfer function. There is nothing in the tiff standard that says this needs to be the case.
For Debian 7 'Wheezy', these problems have been fixed in version 4.0.2-6+deb7u17.
We recommend that you upgrade your tiff packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.