Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-626-1:6644E
HistoryJan 06, 2005 - 2:16 p.m.

[SECURITY] [DSA 626-1] New tiff packages fix denial of service

2005-01-0614:16:53
lists.debian.org
5

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA 626-1 [email protected]
http://www.debian.org/security/ Martin Schulze
January 6th, 2005 http://www.debian.org/security/faq

Package : tiff
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1183

Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image
File Format library for processing TIFF graphics files. Upon reading
a TIFF file it is possible to crash the application, and maybe also to
execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 3.5.5-6.woody5.

For the unstable distribution (sid) this problem has been fixed in
version 3.6.1-5.

We recommend that you upgrade your libtiff package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.dsc
  Size/MD5 checksum:      637 30abd553c21fae8aa009f64c7d5c5fb7
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.diff.gz
  Size/MD5 checksum:    37066 4b47449e5c15f5981121d2bb29212fc8
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
  Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8

Alpha architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_alpha.deb
  Size/MD5 checksum:   141472 2e1246f3ef1525394c8c27b4cf5809f8
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_alpha.deb
  Size/MD5 checksum:   105420 40ae38e633c220b2d578cc2d21791c11
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_alpha.deb
  Size/MD5 checksum:   423234 df5bcc13ca6f61c363a452f6752e3e34

ARM architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_arm.deb
  Size/MD5 checksum:   117008 f89f5d1545fa5823fdb465cedce10d14
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_arm.deb
  Size/MD5 checksum:    90708 8d3b23cb9262f295a3c58963ffe33c93
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_arm.deb
  Size/MD5 checksum:   404256 9af23d64ad58077d4872661bbec90778

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_i386.deb
  Size/MD5 checksum:   112096 7c6752fbe95e11b7c67e2bb950b04fa1
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_i386.deb
  Size/MD5 checksum:    81286 c2e334518bcb0bfcf43b50490704b70c
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_i386.deb
  Size/MD5 checksum:   386974 75532bb3d037538763707553c306cdbe

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_ia64.deb
  Size/MD5 checksum:   158802 7aba7243abdddfc1f1ecf59c60487fa2
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_ia64.deb
  Size/MD5 checksum:   135648 fac88e6eb25d46a81270d4e1865d5db6
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_ia64.deb
  Size/MD5 checksum:   446518 c73d407fc0ba4afa22cf31fbe61639a7

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_hppa.deb
  Size/MD5 checksum:   128304 d2ee674c359384f1b53ddf9a198863f4
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_hppa.deb
  Size/MD5 checksum:   107050 9ddc7d795cd6aaf87ab44d4adff17d00
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_hppa.deb
  Size/MD5 checksum:   420374 4c2afddeb88d91f66672b9419b14e69e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_m68k.deb
  Size/MD5 checksum:   107306 4d9c44ec8da6315698acc948423380ee
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_m68k.deb
  Size/MD5 checksum:    80036 9eaa32eb605078c0772deebd35f02b2e
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_m68k.deb
  Size/MD5 checksum:   380154 9b66e37ff70d402ae699d98d4fcefc39

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mips.deb
  Size/MD5 checksum:   124080 f058c706cd24c58aaf26c8a607b5970c
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mips.deb
  Size/MD5 checksum:    88076 3c84f8da76f29eb167ce233d579a7d46
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mips.deb
  Size/MD5 checksum:   410788 d17ac2c5788fff8dbcf07bcde307a394

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mipsel.deb
  Size/MD5 checksum:   123676 0824a0dbca1c6e3d164d0f6f6895ca91
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mipsel.deb
  Size/MD5 checksum:    88440 107db6c5e16141137a3f4ca68583050e
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mipsel.deb
  Size/MD5 checksum:   411380 0c4ecfc18395d97d1043a10e35f28bcb

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_powerpc.deb
  Size/MD5 checksum:   116074 b217403c7eb35fc693803eb435597977
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_powerpc.deb
  Size/MD5 checksum:    89692 e8cb99fb55ede4b7d74f0f2d43efa1f7
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_powerpc.deb
  Size/MD5 checksum:   402422 7bc2f2471f7c1bb6c7b259cda3844359

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_s390.deb
  Size/MD5 checksum:   116944 654854ff01018ec39fbb459c2264dee2
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_s390.deb
  Size/MD5 checksum:    92028 e3737813924d9c647e9b8ff9239dfdce
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_s390.deb
  Size/MD5 checksum:   395354 54a156b1986175fc95e747fd95e281aa

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_sparc.deb
  Size/MD5 checksum:   132914 677d66df3e0190f1a08e09093d136f66
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_sparc.deb
  Size/MD5 checksum:    88834 24e946dce29d51cc920cb7237749e195
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_sparc.deb
  Size/MD5 checksum:   397052 367b1261c62cd443cbfa5114b05ad593

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3i386libtiff3g-dev< 3.5.5-6.woody5libtiff3g-dev_3.5.5-6.woody5_i386.deb
Debian3m68klibtiff3g< 3.5.5-6.woody5libtiff3g_3.5.5-6.woody5_m68k.deb
Debian3armlibtiff3g< 3.5.5-6.woody5libtiff3g_3.5.5-6.woody5_arm.deb
Debian3hppalibtiff3g< 3.5.5-6.woody5libtiff3g_3.5.5-6.woody5_hppa.deb
Debian3i386libtiff3g< 3.5.5-6.woody5libtiff3g_3.5.5-6.woody5_i386.deb
Debian3hppalibtiff-tools< 3.5.5-6.woody5libtiff-tools_3.5.5-6.woody5_hppa.deb
Debian3m68klibtiff-tools< 3.5.5-6.woody5libtiff-tools_3.5.5-6.woody5_m68k.deb
Debian3alphalibtiff3g< 3.5.5-6.woody5libtiff3g_3.5.5-6.woody5_alpha.deb
Debian3s390libtiff3g-dev< 3.5.5-6.woody5libtiff3g-dev_3.5.5-6.woody5_s390.deb
Debian3alphalibtiff3g-dev< 3.5.5-6.woody5libtiff3g-dev_3.5.5-6.woody5_alpha.deb
Rows per page:
1-10 of 341

Related

nessus 10
freebsd 1
openvas 7
osv 1
ubuntucve 1
debiancve 1
debian 1
ubuntu 1
cve 1
cvelist 1
cert 1
gentoo 1
suse 1
redhat 2
securityvulns 1
nessus
nessus
Debian DSA-626-1 : tiff - unsanitised input
2005-01-06 00:00:00
FreeBSD : tiff -- tiffdump integer overflow vulnerability (8f86d8b5-6025-11d9-a9e7-0001020eed82)
2005-07-13 00:00:00
Ubuntu 4.10 : tiff vulnerability (USN-54-1)
2006-01-15 00:00:00
freebsd
freebsd
tiff -- tiffdump integer overflow vulnerability
2005-01-06 00:00:00
openvas
openvas
FreeBSD Ports: tiff
2008-09-04 00:00:00
Ubuntu: Security Advisory (USN-54-1)
2022-08-26 00:00:00
FreeBSD Ports: tiff
2008-09-04 00:00:00
osv
osv
tiff - unsanitised input
2005-01-06 00:00:00
ubuntucve
ubuntucve
CVE-2004-1183
2005-01-06 00:00:00
debiancve
debiancve
CVE-2004-1183
2005-01-06 05:00:00
debian
debian
[SECURITY] [DSA 626-1] New tiff packages fix denial of service
2005-01-06 00:00:00
ubuntu
ubuntu
TIFF library tool vulnerability
2005-01-07 00:00:00
cve
cve
CVE-2004-1183
2005-01-06 05:00:00
cvelist
cvelist
CVE-2004-1183
2005-01-19 05:00:00
cert
cert
LibTIFF vulnerable to integer overflow via corrupted directory entry count
2005-01-11 00:00:00
gentoo
gentoo
tiff: New overflows in image decoding
2005-01-05 00:00:00
suse
suse
remote system compromise in libtiff/tiff
2005-01-10 10:35:29
redhat
redhat
(RHSA-2005:035) libtiff security update
2005-02-15 00:00:00
(RHSA-2005:019) libtiff security update
2005-01-13 00:00:00
securityvulns
securityvulns
[ GLSA 200501-06 ] tiff: New overflows in image decoding
2005-01-06 00:00:00

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON
Related for DEBIAN:DSA-626-1:6644E
nessus10freebsd1openvas7osv1ubuntucve1debiancve1debian1ubuntu1cve1cvelist1cert1gentoo1suse1redhat2securityvulns1