USN-3212-1: LibTIFF vulnerabilities
27 February 2017
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
Packages
- tiff - Tag Image File Format (TIFF) library
Details
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10
Ubuntu 16.04
Ubuntu 14.04
In general, a standard system update will make all the necessary changes.
References
- CVE-2015-7554
- CVE-2015-8668
- CVE-2016-10092
- CVE-2016-10093
- CVE-2016-10094
- CVE-2016-3622
- CVE-2016-3623
- CVE-2016-3624
- CVE-2016-3632
- CVE-2016-3658
- CVE-2016-3945
- CVE-2016-3990
- CVE-2016-3991
- CVE-2016-5314
- CVE-2016-5315
- CVE-2016-5316
- CVE-2016-5317
- CVE-2016-5320
- CVE-2016-5321
- CVE-2016-5322
- CVE-2016-5323
- CVE-2016-5652
- CVE-2016-5875
- CVE-2016-6223
- CVE-2016-8331
- CVE-2016-9273
- CVE-2016-9297
- CVE-2016-9448
- CVE-2016-9453
- CVE-2016-9532
- CVE-2016-9533
- CVE-2016-9534
- CVE-2016-9535
- CVE-2016-9536
- CVE-2016-9537
- CVE-2016-9538
- CVE-2016-9539
- CVE-2016-9540
- CVE-2017-5225
Related notices
- USN-3212-3: tiff, libtiff-tools, libtiff4
- USN-3212-4: tiff, libtiff-tools, libtiff4