Oval Definition:	oval:org.mitre.oval:def:13302
Revision Date: 2014-06-30 Version: 20 Title: USN-1085-1 -- tiff vulnerabilities Description: Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.10. Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. It was discovered that the TIFF library incorrectly validated certain data types. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. It was discovered that the TIFF library incorrectly handled downsampled JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. It was discovered that the TIFF library incorrectly handled certain TIFF FAX images. If a user or automated system were tricked into opening a specially crafted TIFF FAX image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2010-2482 CVE-2010-2483 CVE-2010-2595 CVE-2010-2597 CVE-2010-2598 CVE-2010-2630 CVE-2010-3087 CVE-2011-0191 CVE-2011-0192 USN-1085-1 USN-1085-1 Platform(s): Ubuntu 10.04 Ubuntu 10.10 Ubuntu 6.06 Ubuntu 8.04 Ubuntu 9.10 Product(s): tiff Definition Synopsis Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is powerpc AND Packages section libtiff4 DPKG is earlier than 3.8.2-7ubuntu3.7 OR libtiff-opengl DPKG is earlier than 3.8.2-7ubuntu3.7 OR libtiffxx0c2 DPKG is earlier than 3.8.2-7ubuntu3.7 OR libtiff-tools DPKG is earlier than 3.8.2-7ubuntu3.7 OR libtiff4-dev DPKG is earlier than 3.8.2-7ubuntu3.7 OR Release section Ubuntu 10.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND libtiff-doc DPKG is earlier than 3.9.4-2ubuntu0.1 OR Architecture depended section Supported architectures section Installed architecture is powerpc OR Installed architecture is armel OR Installed architecture is amd64 OR Installed architecture is i386 AND Packages section libtiff4 DPKG is earlier than 3.9.4-2ubuntu0.1 OR libtiff-opengl DPKG is earlier than 3.9.4-2ubuntu0.1 OR libtiffxx0c2 DPKG is earlier than 3.9.4-2ubuntu0.1 OR libtiff-tools DPKG is earlier than 3.9.4-2ubuntu0.1 OR libtiff4-dev DPKG is earlier than 3.9.4-2ubuntu0.1 OR Release section Ubuntu 10.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND libtiff-doc DPKG is earlier than 3.9.2-2ubuntu0.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is sparc OR Installed architecture is armel AND Packages section libtiff4 DPKG is earlier than 3.9.2-2ubuntu0.4 OR libtiff-opengl DPKG is earlier than 3.9.2-2ubuntu0.4 OR libtiffxx0c2 DPKG is earlier than 3.9.2-2ubuntu0.4 OR libtiff-tools DPKG is earlier than 3.9.2-2ubuntu0.4 OR libtiff4-dev DPKG is earlier than 3.9.2-2ubuntu0.4 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND libtiff-doc DPKG is earlier than 3.8.2-13ubuntu0.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is sparc OR Installed architecture is powerpc OR Installed architecture is i386 OR Installed architecture is armel OR Installed architecture is lpia AND Packages section libtiff4 DPKG is earlier than 3.8.2-13ubuntu0.4 OR libtiff-opengl DPKG is earlier than 3.8.2-13ubuntu0.4 OR libtiffxx0c2 DPKG is earlier than 3.8.2-13ubuntu0.4 OR libtiff-tools DPKG is earlier than 3.8.2-13ubuntu0.4 OR libtiff4-dev DPKG is earlier than 3.8.2-13ubuntu0.4 OR Release section Ubuntu 6.06 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is powerpc AND Packages section libtiff4 DPKG is earlier than 3.7.4-1ubuntu3.9 OR libtiff-opengl DPKG is earlier than 3.7.4-1ubuntu3.9 OR libtiffxx0c2 DPKG is earlier than 3.7.4-1ubuntu3.9 OR libtiff-tools DPKG is earlier than 3.7.4-1ubuntu3.9 OR libtiff4-dev DPKG is earlier than 3.7.4-1ubuntu3.9
BACK