tiff vulnerabilities

2006-08-0300:00:00

ubuntu.com

7.1 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.362 Low

EPSS

Percentile

97.1%

JSON

Releases

Ubuntu 6.06
Ubuntu 5.10
Ubuntu 5.04

Details

Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking an user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application’s privileges.

This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.

OSVersionArchitecturePackageVersionFilename
Ubuntu6.06noarchlibtiff4< 3.7.4-1ubuntu3.2UNKNOWN
Ubuntu5.10noarchlibtiff4< 3.7.3-1ubuntu1.5UNKNOWN
Ubuntu5.04noarchlibtiff4< 3.6.1-5ubuntu0.6UNKNOWN