Debian Security Advisory

DSA-567-1 tiff -- heap overflows

Date Reported:
15 Oct 2004
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 11406.
In Mitre's CVE dictionary: CVE-2004-0803, CVE-2004-0804, CVE-2004-0886.
CERT's vulnerabilities, advisories and incident notes: VU#687568, VU#555304.
More information:

Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash. The Common Vulnerabilities and Exposures Project has identified the following problems:

  • CAN-2004-0803

    Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution.

  • CAN-2004-0804

    Matthias Clasen discovered a division by zero through an integer overflow.

  • CAN-2004-0886

    Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption.

For the stable distribution (woody) these problems have been fixed in version 3.5.5-6woody1.

For the unstable distribution (sid) these problems have been fixed in version 3.6.1-2.

We recommend that you upgrade your libtiff package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.