Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2024 Multiple vulnerabilities allow attackers to cause a denial of service. CVE-2006-2025 An integer overflow allows attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-2026 A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code. For the old stable distribution (woody) these problems have been fixed in version 3.5.5-7woody1. For the stable distribution (sarge) these problems have been fixed in version 3.7.2-3sarge1. The unstable distribution (sid) is not vulnerable to these problems. We recommend that you upgrade your libtiff packages.
Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
Multiple vulnerabilities allow attackers to cause a denial of service.
An integer overflow allows attackers to cause a denial of service and possibly execute arbitrary code.
A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code.
For the old stable distribution (woody) these problems have been fixed in version 3.5.5-7woody1.
For the stable distribution (sarge) these problems have been fixed in version 3.7.2-3sarge1.
The unstable distribution (sid) is not vulnerable to these problems.
We recommend that you upgrade your libtiff packages.
MD5 checksums of the listed files are available in the original advisory.