The problem can be corrected by upgrading the affected package to version 3.6.1-1.1ubuntu1.4 (for Ubuntu 4.10), or 3.6.1-5ubuntu0.2 (for Ubuntu 5.04). After a standard system upgrade you need to restart your CUPS server with
sudo /etc/init.d/cupsys restart
to effect the necessary changes.
Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the "YCbCr subsampling" value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which caused the program that uses the TIFF library to crash. This leads to a Denial of Service in server applications that use libtiff (like the CUPS printing system) and can cause data loss in, for example, the Evolution email client.
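
The kind of header check whose absence is described above, as an added example (not libtiff's code and not the actual patch): a decoder should reject a zero or otherwise invalid YCbCr subsampling factor before dividing by it. The helper name chroma_plane_samples is hypothetical; the allowed values 1, 2 and 4, with vertical not greater than horizontal, come from the TIFF 6.0 specification.

```c
#include <stdint.h>
#include <stdio.h>

/* TIFF 6.0 allows only 1, 2 or 4 for each YCbCrSubSampling factor (tag 530). */
static int valid_factor(uint16_t f) {
    return f == 1 || f == 2 || f == 4;
}

/*
 * Hypothetical helper: number of samples in one chroma plane of a
 * width x height YCbCr image. Returns 0 on success, -1 if the header
 * values must be rejected. Without the checks, a zero factor reaches
 * the divisions below, which is undefined behaviour in C and raises
 * SIGFPE ("arithmetic exception") on x86.
 */
int chroma_plane_samples(uint32_t width, uint32_t height,
                         uint16_t sub_h, uint16_t sub_v, uint64_t *out) {
    if (!valid_factor(sub_h) || !valid_factor(sub_v))
        return -1;
    if (sub_v > sub_h)          /* TIFF 6.0: vertical <= horizontal */
        return -1;
    if (width == 0 || height == 0)
        return -1;
    /* Round up: partial blocks at the edges still carry one chroma sample. */
    uint64_t cols = ((uint64_t)width + sub_h - 1) / sub_h;
    uint64_t rows = ((uint64_t)height + sub_v - 1) / sub_v;
    *out = cols * rows;
    return 0;
}

int main(void) {
    /* Constructed header values, not taken from a real file. */
    const uint16_t cases[][2] = { {2, 2}, {4, 1}, {0, 2}, {2, 0}, {3, 1}, {1, 2} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned h = cases[i][0], v = cases[i][1];
        uint64_t n = 0;
        if (chroma_plane_samples(640, 480, cases[i][0], cases[i][1], &n) == 0)
            printf("%u:%u -> %llu chroma samples\n", h, v, (unsigned long long)n);
        else
            printf("%u:%u -> rejected\n", h, v);
    }
    return 0;
}
```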