Oval Definition:oval:org.mitre.oval:def:7522
Revision Date:2014-06-23Version:17
Title:DSA-1835 tiff -- several vulnerabilities
Description:Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-2285
CVE-2009-2347
DSA-1835
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):tiff
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND libtiff-doc is earlier than 3.8.2-11.2
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libtiff4 is earlier than 3.8.2-11.2
  • OR libtiff-opengl is earlier than 3.8.2-11.2
  • OR libtiff-tools is earlier than 3.8.2-11.2
  • OR libtiffxx0c2 is earlier than 3.8.2-11.2
  • OR libtiff4-dev is earlier than 3.8.2-11.2
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Packages section
  • libtiff4 is earlier than 3.8.2-7+etch3
  • OR libtiff-opengl is earlier than 3.8.2-7+etch3
  • OR libtiffxx0c2 is earlier than 3.8.2-7+etch3
  • OR libtiff-tools is earlier than 3.8.2-7+etch3
  • OR libtiff4-dev is earlier than 3.8.2-7+etch3
  • BACK