Debian Security Advisory

DLA-0013-1 tiff -- LTS security update

Date Reported:
01 Jul 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2013-4243.
More information:

Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution.

For Debian 6 Squeeze, these issues have been fixed in tiff version 3.9.4-5+squeeze11