Lucene search

K
ubuntuUbuntuUSN-639-1
HistorySep 02, 2008 - 12:00 a.m.

tiff vulnerability

2008-09-0200:00:00
ubuntu.com
43
tiff library
lzw compression
remote code execution
denial of service
unix

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.008

Percentile

81.9%

Releases

  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.06

Packages

  • tiff -

Details

Drew Yao discovered that the TIFF library did not correctly validate LZW
compressed TIFF images. If a user or automated system were tricked into
processing a malicious image, a remote attacker could execute arbitrary
code or cause an application linked against libtiff to crash, leading
to a denial of service.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchlibtiff4<Β 3.8.2-7ubuntu3.1UNKNOWN
Ubuntu8.04noarchlibtiff-opengl<Β 3.8.2-7ubuntu3.1UNKNOWN
Ubuntu8.04noarchlibtiff-tools<Β 3.8.2-7ubuntu3.1UNKNOWN
Ubuntu8.04noarchlibtiff4-dev<Β 3.8.2-7ubuntu3.1UNKNOWN
Ubuntu8.04noarchlibtiffxx0c2<Β 3.8.2-7ubuntu3.1UNKNOWN
Ubuntu7.10noarchlibtiff4<Β 3.8.2-7ubuntu2.1UNKNOWN
Ubuntu7.10noarchlibtiff-opengl<Β 3.8.2-7ubuntu2.1UNKNOWN
Ubuntu7.10noarchlibtiff-tools<Β 3.8.2-7ubuntu2.1UNKNOWN
Ubuntu7.10noarchlibtiff4-dev<Β 3.8.2-7ubuntu2.1UNKNOWN
Ubuntu7.10noarchlibtiffxx0c2<Β 3.8.2-7ubuntu2.1UNKNOWN
Rows per page:
1-10 of 201

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.008

Percentile

81.9%