USN-639-1: tiff vulnerability
2 September 2008
tiff vulnerability
Releases
Packages
- tiff -
Details
Drew Yao discovered that the TIFF library did not correctly validate LZW
compressed TIFF images. If a user or automated system were tricked into
processing a malicious image, a remote attacker could execute arbitrary
code or cause an application linked against libtiff to crash, leading
to a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 8.04
Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.