USN-46-1: TIFF library vulnerability
Posted on: 12/22/2004 04:30 PM

A TIFF library security update has been released for Ubuntu Linux 4.10

Ubuntu Security Notice USN-46-1 December 22, 2004
tiff vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 3.6.1-1.1ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the TIFF library. A TIFF file includes a value indicating the number of "directory entry" header fields contained in the file. If this value is -1, an invalid memory allocation was performed. A malicious image could be constructed which, when decoded, would have resulted in execution of arbitrary code with the privileges of the process using the library.

Since this library is used in many applications like "ghostscript" and the "CUPS" printing system, this vulnerability may lead to remotely induced privilege escalation.

Source archives:
Size/MD5: 22770 6763905425507303c628d773cee68cd1
Size/MD5: 646 9382dd270ae226e5f2a404006d78db47
Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 172868 dc56a896377bdb6cc10ff8038aaf33da
Size/MD5: 458450 7f607e3b97fb5bcdd5da37f4f44d9ae2
Size/MD5: 111346 62e90ecdbf07bf0c571728890fa26e23

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 157252 940f8a1884509bc892eca7b26ea67d6c
Size/MD5: 439610 3881385ae3ba4d84837a6912bd38f946
Size/MD5: 102238 d3b3a7afde8e221b801ba619139ce09e

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 187880 7373d1bbd48331f917a8b6132368bb6d
Size/MD5: 462496 6e7a942d020ffba8c3abef047e550fea
Size/MD5: 112420 6424b25afbd913496f49c7eb4f96ca77

Printed from Linux Compatible (