Vulnerabilities in LibTIFF

LibTIFF, the open source graphics library, contains bugs in its LZWDecode and LZWDecodeCompat functions. Crafted TIFF files can be used to provoke buffer underflows. Attackers can exploit this vulnerability to inject and execute code.

Advertisement

According to Debian, the bugs are present in versions 3.8.2.x and 3.7.2.x. No official update is available. Linux distributors are, however, already releasing updated packages.

See also:

• LibTIFF buffer underflow, Debian bug report.

(trk)