Oval Definition:oval:org.mitre.oval:def:13644
Revision Date:2014-06-23Version:19
Title:DSA-1835-1 tiff -- several
Description:Several vulnerabilities have been discovered in the library for the Tag Image File Format. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools. For the old stable distribution, these problems have been fixed in version 3.8.2-7+etch3. For the stable distribution, these problems have been fixed in version 3.8.2-11.2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your tiff packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-2285
CVE-2009-2347
DSA-1835-1
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):tiff
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND libtiff-doc DPKG is earlier than 3.8.2-11.2
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libtiff4 DPKG is earlier than 3.8.2-11.2
  • OR libtiff-opengl DPKG is earlier than 3.8.2-11.2
  • OR libtiff-tools DPKG is earlier than 3.8.2-11.2
  • OR libtiffxx0c2 DPKG is earlier than 3.8.2-11.2
  • OR libtiff4-dev DPKG is earlier than 3.8.2-11.2
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Packages section
  • libtiff4 DPKG is earlier than 3.8.2-7+etch3
  • OR libtiff-opengl DPKG is earlier than 3.8.2-7+etch3
  • OR libtiffxx0c2 DPKG is earlier than 3.8.2-7+etch3
  • OR libtiff-tools DPKG is earlier than 3.8.2-7+etch3
  • OR libtiff4-dev DPKG is earlier than 3.8.2-7+etch3
    • BACK