Package : tiff
Version : 3.9.4-5+squeeze12
CVE ID : CVE-2014-8128 CVE-2014-8129 CVE-2014-9330 CVE-2014-9655
Debian Bug : 773987

Several vulnerabilities have been discovered in the LibTIFF library
and utilities for the Tag Image File Format. These could lead to a
denial of service, information disclosure or privilege escalation.

CVE-2014-8128

    William Robinet discovered that out-of-bounds writes are triggered
    in several of the LibTIFF utilities when processing crafted TIFF
    files. Other applications using LibTIFF are also likely to be
    affected in the same way.

CVE-2014-8129

    William Robinet discovered that out-of-bounds reads and writes are
    triggered in tiff2pdf when processing crafted TIFF files. Other
    applications using LibTIFF are also likely to be affected in the same
    way.

CVE-2014-9330

    Paris Zoumpouloglou discovered that out-of-bounds reads and writes are
    triggered in bmp2tiff when processing crafted BMP files.

CVE-2014-9655

    Michal Zalewski discovered that out-of-bounds reads and writes are
    triggered in LibTIFF when processing crafted TIFF files.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 3.9.4-5+squeeze12.

For the oldstable distribution (wheezy), these problems will be fixed
soon.

The stable distribution (jessie) was not affected by these problems as
they were fixed before release.

--
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams