Security Information / 2014 / Security Information -- DSA-2965-1 tiff

Debian Security Advisory

DSA-2965-1 tiff -- security update

Date Reported:

22 Jun 2014

Affected Packages:

tiff

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 742917.
In Mitre's CVE dictionary: CVE-2013-4243.

More information:

Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution.

For the stable distribution (wheezy), this problem has been fixed in version 4.0.2-6+deb7u3.

For the testing distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 4.0.3-9.

We recommend that you upgrade your tiff packages.