Vulnerabilities in LibTIFF
LibTIFF, the open source graphics library, contains bugs in its
LZWDecodeCompat functions. Crafted TIFF files can be used to provoke buffer underflows. Attackers can exploit this vulnerability to inject and execute code.
According to Debian, the bugs are present in versions 3.8.2.x and 3.7.2.x. No official update is available. Linux distributors are, however, already releasing updated packages.
- LibTIFF buffer underflow, Debian bug report.