Ubuntu Security Notice USN-156-1
29th July, 2005
tiff vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- libtiff4
- Ubuntu 4.10:
- libtiff4
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None