A buffer overflow was discovered in the TIFF library. A TIFF file includes a value indicating the number of “directory entry” header fields contained in the file. If this value is -1, an invalid memory allocation was performed. A malicious image could be constructed which, when decoded, would have resulted in execution of arbitrary code with the privileges of the process using the library.
Since this library is used in many applications like “ghostscript” and the “CUPS” printing system, this vulnerability may lead to remotely induced privilege escalation.
22 December 2004
A security issue affects these releases of Ubuntu and its derivatives:
A buffer overflow was discovered in the TIFF library. A TIFF file includes a value indicating the number of “directory entry” header fields contained in the file. If this value is -1, an invalid memory allocation was performed. A malicious image could be constructed which, when decoded, would have resulted in execution of arbitrary code with the privileges of the process using the library.
Since this library is used in many applications like “ghostscript” and the “CUPS” printing system, this vulnerability may lead to remotely induced privilege escalation.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon