Oval Definition:	oval:org.mitre.oval:def:7522
Revision Date: 2014-06-23 Version: 17 Title: DSA-1835 tiff -- several vulnerabilities Description: Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-2285 CVE-2009-2347 DSA-1835 Platform(s): Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 Product(s): tiff Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND libtiff-doc is earlier than 3.8.2-11.2 OR Architecture dependent section Supported architectures section Installed architecture is s390 OR Installed architecture is amd64 OR Installed architecture is sparc OR Installed architecture is arm OR Installed architecture is i386 OR Installed architecture is armel OR Installed architecture is mips OR Installed architecture is ia64 OR Installed architecture is alpha OR Installed architecture is powerpc OR Installed architecture is mipsel OR Installed architecture is hppa AND Packages section libtiff4 is earlier than 3.8.2-11.2 OR libtiff-opengl is earlier than 3.8.2-11.2 OR libtiff-tools is earlier than 3.8.2-11.2 OR libtiffxx0c2 is earlier than 3.8.2-11.2 OR libtiff4-dev is earlier than 3.8.2-11.2 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section libtiff4 is earlier than 3.8.2-7+etch3 OR libtiff-opengl is earlier than 3.8.2-7+etch3 OR libtiffxx0c2 is earlier than 3.8.2-7+etch3 OR libtiff-tools is earlier than 3.8.2-7+etch3 OR libtiff4-dev is earlier than 3.8.2-7+etch3
BACK