LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 2552-1: tiff: Multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Several vulnerabilities were discovered in Tiff, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation. [More...]
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2552-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
September 26, 2012                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-2482 CVE-2010-2595 CVE-2010-2597 CVE-2010-2630 
                 CVE-2010-4665 CVE-2012-2113 CVE-2012-3401
Debian Bug     : 678140

Several vulnerabilities were discovered in Tiff, a library set and tools 
to support the Tag Image File Format (TIFF), allowing denial of service and
potential privilege escalation.

These vulnerabilities can be exploited via a specially crafted TIFF image.

CVE-2012-2113
  The tiff2pdf utility has an integer overflow error when parsing images.

CVE-2012-3401
  Huzaifa Sidhpurwala discovered heap-based buffer overflow in the 
  t2p_read_tiff_init() function.

CVE-2010-2482
  An invalid td_stripbytecount field is not properly handle and can trigger a
  NULL pointer dereference.

CVE-2010-2595
  An array index error, related to "downsampled OJPEG input." in the
  TIFFYCbCrtoRGB function causes an unexpected crash.

CVE-2010-2597
  Also related to "downsampled OJPEG input", the TIFFVStripSize function crash
  unexpectly.

CVE-2010-2630
  The TIFFReadDirectory function does not properly validate the data types of 
  codec-specific tags that have an out-of-order position in a TIFF file.

CVE-2010-4665
  The tiffdump utility has an integer overflow in the ReadDirectory function.

For the stable distribution (squeeze), these problems have been fixed in
version 3.9.4-5+squeeze5.

For the testing distribution (wheezy), these problems have been fixed in
version 4.0.2-2.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.2-2.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.